<div class="container">
<h1>Security update for less</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2025:20394-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2025-06-08T13:39:11Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1047218">bsc#1047218</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222849">bsc#1222849</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=915387">bsc#915387</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2024-32487.html">CVE-2024-32487</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2024-32487</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">8.6</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.1</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability and has two fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for less fixes the following issues:</p>
<ul>
<li>Updated to version 668</li>
<li>Fixed crash when using --header on command line</li>
<li>Fixed possible crash when scrolling left/right or toggling -S</li>
<li>Fixed bug when using #stop in a lesskey file</li>
<li>Fixed bug when using --shift or --match-shift on command line with a parameter starting with '.'</li>
<li>Fixed bug in R command when file size changes</li>
<li>Fixed bug using --header when file does not fill screen</li>
<li>Fixed ^X bug when output is not a terminal</li>
<li>Fixed bug where ^Z is not handled immediately</li>
<li>Fixed bug where first byte from a LESSOPEN filter is deleted if it is greater than 0x7F</li>
<li>Fixed uninitialized variable in edit_ifile</li>
<li>
<p>Fixed incorrect handling of UTF-8 chars in prompts</p>
</li>
<li>
<p>Change preprocessor dependencies from Requires to Recommends. It's disabled by
default and they are not necessary for less.</p>
</li>
<li>
<p>Updated to version 661:</p>
</li>
<li>fixed crash - buffer overflow by one in fexpand</li>
<li>fixed free(): double free detected in tcache 2</li>
<li>
<p>fixed segmentation fault on line-num-width & -N</p>
</li>
<li>
<p>Updated to version 656:</p>
</li>
<li>Add ^O^N, ^O^P, ^O^L and ^O^O commands and mouse clicks (with --mouse) to find and open OSC8 hyperlinks (github #251).</li>
<li>Add --match-shift option.</li>
<li>Add --lesskey-content option (github #447).</li>
<li>Add LESSKEY_CONTENT environment variable (github #447).</li>
<li>Add --no-search-header-lines and --no-search-header-columns options (github #397).</li>
<li>Add ctrl-L search modifier (github #367).</li>
<li>A ctrl-P at the start of a shell command suppresses the "done" message (github #462).</li>
<li>Add attribute characters ('*', '~', '_', '&') to --color parameter (github #471).</li>
<li>Allow expansion of environment variables in lesskey files.</li>
<li>Add LESSSECURE_ALLOW environment variable (github #449).</li>
<li>Add LESS_UNSUPPORT environment variable.</li>
<li>Add line number parameter to --header option (github #436).</li>
<li>Mouse right-click jumps to position marked by left-click (github #390).</li>
<li>Ensure that the target line is not obscured by a header line set by --header (github #444).</li>
<li>Change default character set to "utf-8", except remains "dos" on MS-DOS.</li>
<li>Add message when search with ^W wraps (github #459).</li>
<li>UCRT builds on Windows 10 and later now support Unicode file names (github #438).</li>
<li>Improve behavior of interrupt while reading non-terminated pipe (github #414).</li>
<li>Improve parsing of -j, -x and -# options (github #393).</li>
<li>Support files larger than 4GB on Windows (github #417).</li>
<li>Support entry of Unicode chars larger than U+FFFF on Windows (github #391).</li>
<li>Improve colors of bold, underline and standout text on Windows.</li>
<li>Allow --rscroll to accept non-ASCII characters (github #483).</li>
<li>Allow the parameter to certain options to be terminated with a space (--color, --quotes, --rscroll, --search-options and --intr) (github #495).</li>
<li>Fix bug where # substitution failed after viewing help (github #420).</li>
<li>Fix crash if files are deleted while less is viewing them (github #404).</li>
<li>Workaround unreliable ReadConsoleInputW behavior on Windows with non-ASCII input.</li>
<li>Fix -J display when searching for non-ASCII characters (github #422).</li>
<li>Don't filter header lines via the & command (github #423).</li>
<li>Fix bug when horizontally shifting long lines (github #425).</li>
<li>Add -x and -D options to lesstest, to make it easier to diagnose a failed lesstest run.</li>
<li>Fix bug searching long lines with --incsearch and -S (github #428).</li>
<li>Fix bug that made ESC-} fail if top line on screen was empty (github #429).</li>
<li>Fix bug with --mouse on Windows when used with pipes (github #440).</li>
<li>Fix bug in --+OPTION command line syntax.</li>
<li>Fix display bug when using -w with an empty line with a CR/LF line ending (github #474).</li>
<li>When substituting '#' or '%' with a filename, quote the filename if it contains a space (github #480).</li>
<li>Fix wrong sleep time when system has usleep but not nanosleep (github #489).</li>
<li>Fix bug when file name contains a newline (CVE-2024-32487, bsc#1222849).</li>
<li>Fix bug when file name contains nonprintable characters (github #503).</li>
<li>Fix DJGPP build (github #497).</li>
<li>
<p>Update Unicode tables.</p>
</li>
<li>
<p>add zstd support to lessopen</p>
</li>
<li>
<p>Updated to 643:</p>
</li>
<li>Fixed problem when a program piping into less reads from the tty,
like sudo asking for password (github #368).</li>
<li>Fixed search modifier ^E after ^W.</li>
<li>Fixed bug using negated (^N) search (github #374).</li>
<li>Fixed bug setting colors with -D on Windows build (github #386).</li>
<li>Fixed reading special chars like PageDown on Windows (github #378).</li>
<li>Fixed mouse wheel scrolling on Windows (github #379).</li>
<li>Fixed erroneous EOF when terminal window size changes (github #372).</li>
<li>Fixed compile error with some definitions of ECHONL (github #395).</li>
<li>Fixed crash on Windows when writing logfile (github #405).</li>
<li>Fixed regression in exit code when stdin is /dev/null and
output is a file (github #373).</li>
<li>Add lesstest test suite to production release (github #344).</li>
<li>Change lesstest output to conform with
automake Simple Test Format (github #399).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.1
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-6.1-139=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
<ul>
<li>less-668-slfo.1.1_1.1</li>
<li>less-debuginfo-668-slfo.1.1_1.1</li>
<li>less-debugsource-668-slfo.1.1_1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2024-32487.html">https://www.suse.com/security/cve/CVE-2024-32487.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1047218">https://bugzilla.suse.com/show_bug.cgi?id=1047218</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1222849">https://bugzilla.suse.com/show_bug.cgi?id=1222849</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=915387">https://bugzilla.suse.com/show_bug.cgi?id=915387</a>
</li>
</ul>
</div>