SUSE-SU-2025:20394-1: important: Security update for less

SLE-SECURITY-UPDATES null at suse.de
Fri Jun 13 20:30:59 UTC 2025 


# Security update for less

Announcement ID: SUSE-SU-2025:20394-1  
Release Date: 2025-06-08T13:39:11Z  
Rating: important  
References:

  * bsc#1047218
  * bsc#1222849
  * bsc#915387

  
Cross-References:

  * CVE-2024-32487

  
CVSS scores:

  * CVE-2024-32487 ( SUSE ):  8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

  
Affected Products:

  * SUSE Linux Micro 6.1

  
  
An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for less fixes the following issues:

  * Updated to version 668
  * Fixed crash when using --header on command line
  * Fixed possible crash when scrolling left/right or toggling -S
  * Fixed bug when using #stop in a lesskey file
  * Fixed bug when using --shift or --match-shift on command line with a
    parameter starting with '.'
  * Fixed bug in R command when file size changes
  * Fixed bug using --header when file does not fill screen
  * Fixed ^X bug when output is not a terminal
  * Fixed bug where ^Z is not handled immediately
  * Fixed bug where first byte from a LESSOPEN filter is deleted if it is
    greater than 0x7F
  * Fixed uninitialized variable in edit_ifile
  * Fixed incorrect handling of UTF-8 chars in prompts

  * Change preprocessor dependencies from Requires to Recommends. It's disabled
    by default and they are not necessary for less.

  * Updated to version 661:

  * fixed crash - buffer overflow by one in fexpand
  * fixed free(): double free detected in tcache 2
  * fixed segmentation fault on line-num-width & -N

  * Updated to version 656:

  * Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to
    find and open OSC8 hyperlinks (github #251).
  * Add --match-shift option.
  * Add --lesskey-content option (github #447).
  * Add LESSKEY_CONTENT environment variable (github #447).
  * Add --no-search-header-lines and --no-search-header-columns options (github
    #397).
  * Add ctrl-L search modifier (github #367).
  * A ctrl-P at the start of a shell command suppresses the "done" message
    (github #462).
  * Add attribute characters ('*', '~', '_', '&') to --color parameter (github
    #471).
  * Allow expansion of environment variables in lesskey files.
  * Add LESSSECURE_ALLOW environment variable (github #449).
  * Add LESS_UNSUPPORT environment variable.
  * Add line number parameter to --header option (github #436).
  * Mouse right-click jumps to position marked by left-click (github #390).
  * Ensure that the target line is not obscured by a header line set by --header
    (github #444).
  * Change default character set to "utf-8", except remains "dos" on MS-DOS.
  * Add message when search with ^W wraps (github #459).
  * UCRT builds on Windows 10 and later now support Unicode file names (github
    #438).
  * Improve behavior of interrupt while reading non-terminated pipe (github
    #414).
  * Improve parsing of -j, -x and -# options (github #393).
  * Support files larger than 4GB on Windows (github #417).
  * Support entry of Unicode chars larger than U+FFFF on Windows (github #391).
  * Improve colors of bold, underline and standout text on Windows.
  * Allow --rscroll to accept non-ASCII characters (github #483).
  * Allow the parameter to certain options to be terminated with a space
    (--color, --quotes, --rscroll, --search-options and --intr) (github #495).
  * Fix bug where # substitution failed after viewing help (github #420).
  * Fix crash if files are deleted while less is viewing them (github #404).
  * Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII
    input.
  * Fix -J display when searching for non-ASCII characters (github #422).
  * Don't filter header lines via the & command (github #423).
  * Fix bug when horizontally shifting long lines (github #425).
  * Add -x and -D options to lesstest, to make it easier to diagnose a failed
    lesstest run.
  * Fix bug searching long lines with --incsearch and -S (github #428).
  * Fix bug that made ESC-} fail if top line on screen was empty (github #429).
  * Fix bug with --mouse on Windows when used with pipes (github #440).
  * Fix bug in --+OPTION command line syntax.
  * Fix display bug when using -w with an empty line with a CR/LF line ending
    (github #474).
  * When substituting '#' or '%' with a filename, quote the filename if it
    contains a space (github #480).
  * Fix wrong sleep time when system has usleep but not nanosleep (github #489).
  * Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849).
  * Fix bug when file name contains nonprintable characters (github #503).
  * Fix DJGPP build (github #497).
  * Update Unicode tables.

  * add zstd support to lessopen

  * Updated to 643:

  * Fixed problem when a program piping into less reads from the tty, like sudo
    asking for password (github #368).
  * Fixed search modifier ^E after ^W.
  * Fixed bug using negated (^N) search (github #374).
  * Fixed bug setting colors with -D on Windows build (github #386).
  * Fixed reading special chars like PageDown on Windows (github #378).
  * Fixed mouse wheel scrolling on Windows (github #379).
  * Fixed erroneous EOF when terminal window size changes (github #372).
  * Fixed compile error with some definitions of ECHONL (github #395).
  * Fixed crash on Windows when writing logfile (github #405).
  * Fixed regression in exit code when stdin is /dev/null and output is a file
    (github #373).
  * Add lesstest test suite to production release (github #344).
  * Change lesstest output to conform with automake Simple Test Format (github
    #399).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.1  
    zypper in -t patch SUSE-SLE-Micro-6.1-139=1

## Package List:

  * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
    * less-668-slfo.1.1_1.1
    * less-debuginfo-668-slfo.1.1_1.1
    * less-debugsource-668-slfo.1.1_1.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-32487.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1047218
  * https://bugzilla.suse.com/show_bug.cgi?id=1222849
  * https://bugzilla.suse.com/show_bug.cgi?id=915387

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250613/6a8e28c1/attachment.htm>

More information about the sle-security-updates mailing list