RHSA-2023:3725: Red Hat Security Advisory: less security update

An update for less is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-46663: A vulnerability was found in less. This flaw allows crafted data to result in “less -R” not filtering ANSI escape sequences sent to the terminal.
Red Hat Security Data
Issued: 2023-06-21

Updated: 2023-06-21

RHSA-2023:3725 - Security Advisory

Synopsis

Moderate: less security update

Type/Severity

Security Advisory: Moderate

Topic

An update for less is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The “less” utility is a text file browser that resembles "more", but allows users to move backwards in the file as well as forwards. Since “less” does not read the entire input file at startup, it also starts more quickly than ordinary text editors.

Security Fix(es):

  • less: crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal (CVE-2022-46663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2169621 - CVE-2022-46663 less: crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal

Red Hat Enterprise Linux for x86_64 9

SRPM

less-590-2.el9_2.src.rpm

SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7

x86_64

less-590-2.el9_2.x86_64.rpm

SHA-256: 4990bec0b114b06e5974bc8ca0e7af1f52d155222b56154e4ad8d1927101fc1f

less-debuginfo-590-2.el9_2.x86_64.rpm

SHA-256: 357fea3b19d67738a8bfa9980582fb14aec5ac764f29d827f784e1eb34d10187

less-debugsource-590-2.el9_2.x86_64.rpm

SHA-256: 56855e02bcdc4570645e765e78c169d674a028a2235af475b67e74eadc4b0fdf

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

less-590-2.el9_2.src.rpm

SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7

s390x

less-590-2.el9_2.s390x.rpm

SHA-256: 95d3a04d7564944f2d179a8de997e816974b4729c90aba634ad223b29cb80578

less-debuginfo-590-2.el9_2.s390x.rpm

SHA-256: 2d6bbb52b2aecd552775a18a3760aed949e255584fdacae58f1ab56dd14f456a

less-debugsource-590-2.el9_2.s390x.rpm

SHA-256: 5cec13c091a7a88c86ef71a24a561822dbe09fed2fe6db942416d05d3b0d8eaf

Red Hat Enterprise Linux for Power, little endian 9

SRPM

less-590-2.el9_2.src.rpm

SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7

ppc64le

less-590-2.el9_2.ppc64le.rpm

SHA-256: 71f8b7a59e51aead826378ceed4b02c73d841a7f75c54fa8bcb49f643d50f6e4

less-debuginfo-590-2.el9_2.ppc64le.rpm

SHA-256: f3539b5c2b3634b48069d0c92807d0ecd551863c5c60677818c2d90ebdd43727

less-debugsource-590-2.el9_2.ppc64le.rpm

SHA-256: b94aa01683a8fa54e51549d34a490e5e3d9757bfe15083fd5253570f2ad89e21

Red Hat Enterprise Linux for ARM 64 9

SRPM

less-590-2.el9_2.src.rpm

SHA-256: 0bb97a8c5c060d21bb166060e4e6812c0417653ab7a3aed22b69565ea1165db7

aarch64

less-590-2.el9_2.aarch64.rpm

SHA-256: 2084388c1b0033dfcca9db1ee16f200022dc1c7ac6776a45734bee213c108593

less-debuginfo-590-2.el9_2.aarch64.rpm

SHA-256: 93786fc8cd24a7ebd16fdf21071ad4d33870ccef8c4925a4bbd04ea5e1942f80

less-debugsource-590-2.el9_2.aarch64.rpm

SHA-256: d103b46d165e286ebfd80793d97da384f3b5489ad2f0355bab93dc2ca7e1f91c

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-39726: ""?! ANSI Terminal security in 2023 and finding 10 CVEs

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.

Gentoo Linux Security Advisory 202310-11

Gentoo Linux Security Advisory 202310-11 - A filtering bypass in less may allow denial of service. Versions greater than or equal to 608-r2 are affected.

Ubuntu Security Notice USN-5848-1

Ubuntu Security Notice 5848-1 - David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service.

CVE-2022-46663: End OSC8 hyperlink on invalid embedded escape sequence. · gwsw/less@a78e135

In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.