RHSA-2023:3725: Red Hat Security Advisory: less security update
An update for less is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-46663: A vulnerability was found in less. This flaw allows crafted data to result in “less -R” not filtering ANSI escape sequences sent to the terminal.
Issued: 2023-06-21
Updated: 2023-06-21
RHSA-2023:3725 - Security Advisory
Synopsis
Moderate: less security update
Type/Severity
Security Advisory: Moderate
Topic
An update for less is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The “less” utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since “less” does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Security Fix(es):
- less: crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal (CVE-2022-46663)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
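The flaw above concerns escape sequences that reach the terminal when crafted data is viewed with "less -R". The following is an added example, not code from Red Hat or the less project: a pre-viewing audit that flags any escape sequence other than the two forms `-R` is documented to pass through (ANSI colour sequences and OSC 8 hyperlinks). The function names and the sample text are constructed for illustration, and only the 7-bit ESC introducer is considered.

```python
import re

ESC = "\x1b"
# SGR ("colour") sequence: ESC [ parameters m.
SGR = re.compile(r"\x1b\[[0-9;:]*m")
# Well-formed OSC 8 hyperlink: ESC ] 8 ; params ; URI, ended by BEL or ST (ESC \).
OSC8 = re.compile(r"\x1b\]8;[^;\x07\x1b\n]*;[^\x07\x1b\n]*(?:\x07|\x1b\\)")

OSC_KIND = "OSC that is not a well-formed OSC 8 hyperlink"
OTHER_KIND = "escape sequence that is not a colour (SGR) sequence"

# Constructed sample input (not taken from the advisory).
SAMPLE = (
    "\x1b[1;31merror:\x1b[0m build failed\n"                        # colour only
    "see \x1b]8;;https://example.com/log\x1b\\log\x1b]8;;\x1b\\\n"  # complete hyperlink
    "note \x1b]8;;https://example.com/x and \x1b[2J trailing\n"     # hyperlink never terminated
    "title \x1b]0;changed\x07\n"                                    # OSC, but not a hyperlink
)


def audit_line(line):
    """Return (offset, kind) for every ESC byte that starts a disallowed sequence."""
    findings = []
    pos = line.find(ESC)
    while pos != -1:
        match = SGR.match(line, pos) or OSC8.match(line, pos)
        if match:
            # Allowed sequence: resume scanning after its last byte.
            pos = line.find(ESC, match.end())
            continue
        kind = OSC_KIND if line.startswith(ESC + "]", pos) else OTHER_KIND
        findings.append((pos, kind))
        # Step past this ESC only, so sequences hidden behind it are also reported.
        pos = line.find(ESC, pos + 1)
    return findings


def audit_text(text):
    """Return (line number, 0-based offset, kind) for each finding in the text."""
    results = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for offset, kind in audit_line(line):
            results.append((lineno, offset, kind))
    return results


if __name__ == "__main__":
    for lineno, offset, kind in audit_text(SAMPLE):
        print(f"line {lineno}, offset {offset}: {kind}")
```

A file with no findings contains only colour sequences and complete hyperlinks; anything reported is worth inspecting with a hex viewer or `cat -v` before it is paged with `-R`, whichever less build is installed.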
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
Fixes
- BZ - 2169621 - CVE-2022-46663 less: crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal
Red Hat Enterprise Linux for x86_64 9
SRPM
less-590-2.el9_2.src.rpm
SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7
x86_64
less-590-2.el9_2.x86_64.rpm
SHA-256: 4990bec0b114b06e5974bc8ca0e7af1f52d155222b56154e4ad8d1927101fc1f
less-debuginfo-590-2.el9_2.x86_64.rpm
SHA-256: 357fea3b19d67738a8bfa9980582fb14aec5ac764f29d827f784e1eb34d10187
less-debugsource-590-2.el9_2.x86_64.rpm
SHA-256: 56855e02bcdc4570645e765e78c169d674a028a2235af475b67e74eadc4b0fdf
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
less-590-2.el9_2.src.rpm
SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7
s390x
less-590-2.el9_2.s390x.rpm
SHA-256: 95d3a04d7564944f2d179a8de997e816974b4729c90aba634ad223b29cb80578
less-debuginfo-590-2.el9_2.s390x.rpm
SHA-256: 2d6bbb52b2aecd552775a18a3760aed949e255584fdacae58f1ab56dd14f456a
less-debugsource-590-2.el9_2.s390x.rpm
SHA-256: 5cec13c091a7a88c86ef71a24a561822dbe09fed2fe6db942416d05d3b0d8eaf
Red Hat Enterprise Linux for Power, little endian 9
SRPM
less-590-2.el9_2.src.rpm
SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7
ppc64le
less-590-2.el9_2.ppc64le.rpm
SHA-256: 71f8b7a59e51aead826378ceed4b02c73d841a7f75c54fa8bcb49f643d50f6e4
less-debuginfo-590-2.el9_2.ppc64le.rpm
SHA-256: f3539b5c2b3634b48069d0c92807d0ecd551863c5c60677818c2d90ebdd43727
less-debugsource-590-2.el9_2.ppc64le.rpm
SHA-256: b94aa01683a8fa54e51549d34a490e5e3d9757bfe15083fd5253570f2ad89e21
Red Hat Enterprise Linux for ARM 64 9
SRPM
less-590-2.el9_2.src.rpm
SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7
aarch64
less-590-2.el9_2.aarch64.rpm
SHA-256: 2084388c1b0033dfcca9db1ee16f200022dc1c7ac6776a45734bee213c108593
less-debuginfo-590-2.el9_2.aarch64.rpm
SHA-256: 93786fc8cd24a7ebd16fdf21071ad4d33870ccef8c4925a4bbd04ea5e1942f80
less-debugsource-590-2.el9_2.aarch64.rpm
SHA-256: d103b46d165e286ebfd80793d97da384f3b5489ad2f0355bab93dc2ca7e1f91c
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.
Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal.
Gentoo Linux Security Advisory 202310-11 - A filtering bypass in less may allow denial of service. Versions greater than or equal to 608-r2 are affected.
Red Hat Security Advisory 2023-3725-01 - The "less" utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since "less" does not read the entire input file at startup, it also starts more quickly than ordinary text editors.
Ubuntu Security Notice 5848-1 - David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service.
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.