ALAS-2024-1924

Amazon Linux 1 (EOL) Security Advisory: ALAS-2024-1924
Advisory Released Date: 2024-03-04
Advisory Updated Date: 2024-03-04

Severity: Important

References: CVE-2022-48624
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. (CVE-2022-48624)

Affected Packages:

less

Issue Correction:
Run yum update less to update your system.

New Packages:

i686:
    less-436-13.13.amzn1.i686
    less-debuginfo-436-13.13.amzn1.i686

src:
    less-436-13.13.amzn1.src

x86_64:
    less-debuginfo-436-13.13.amzn1.x86_64
    less-436-13.13.amzn1.x86_64

Additional References

Red Hat: CVE-2022-48624

Mitre: CVE-2022-48624