https://www.openwall.com/lists/oss-security/2023/02/07/7

"""
Hi,

I discovered a way to bypass the escape sequence filtering performed by less -R due to incorrect terminal state machine handling.

The fix is:
https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
but not yet part of any less release.

An example that results in a DoS in xterm or iTerm 2 is:

printf "\e]8;;\e0m\e[>0q" > less-example-xtversion
less -R less-example-xtversion

This has the result of getting the terminal to reply with something like "\eP>|name version". The "P" there makes less scroll up, the ">" makes it scroll down, and then it prints the same thing to the tty, rinse, repeat.

This affects GNU less >= 566 (and <609, but version 608 is the last public release, the later version numbers are snapshots).

David
"""

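A defensive pre-check for files that will be paged with less -R on an unpatched version, as an added example that is not part of the original report or of less itself. It is a heuristic built only from the sample in the report: it flags an OSC 8 hyperlink sequence that is cut short by an ESC which is not the string terminator, and any XTVERSION query that would make the terminal write a reply. The names `find_suspicious`, `REPORTED` and `BENIGN` are hypothetical, and the sample bytes are constructed from the report's printf line.

```python
import re

# OSC 8 hyperlink introducer: ESC ] 8 ;
OSC8_START = b"\x1b]8;"
# XTVERSION query (CSI > Ps q): the terminal answers it by writing to the tty.
XTVERSION_QUERY = re.compile(rb"\x1b\[>[0-9]*q")


def find_suspicious(data: bytes) -> list[tuple[int, str]]:
    """Return sorted (offset, reason) pairs for sequences like the reported one."""
    findings = []
    pos = 0
    while (start := data.find(OSC8_START, pos)) != -1:
        i = start + len(OSC8_START)
        # Walk the OSC body until a terminator: BEL, or ESC followed by '\' (ST).
        while i < len(data) and data[i] not in (0x07, 0x1B):
            i += 1
        if i >= len(data):
            findings.append((start, "OSC 8 never terminated"))
        elif data[i] == 0x1B and data[i + 1:i + 2] != b"\\":
            findings.append((start, "OSC 8 interrupted by ESC that is not ST"))
        pos = i + 1
    for m in XTVERSION_QUERY.finditer(data):
        findings.append((m.start(), "XTVERSION query (terminal will reply)"))
    return sorted(findings)


# Constructed samples: the bytes written by the report's printf, and a
# well-formed hyperlink followed by ordinary colour sequences.
REPORTED = b"\x1b]8;;\x1b0m\x1b[>0q"
BENIGN = b"\x1b]8;;https://example.org\x1b\\link\x1b]8;;\x1b\\ \x1b[1mbold\x1b[0m\n"

if __name__ == "__main__":
    for name, blob in (("reported", REPORTED), ("benign", BENIGN)):
        print(name, find_suspicious(blob))
```
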
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=91641abac0747b8c2b701acb7acfc6d7e3f82c37

commit 91641abac0747b8c2b701acb7acfc6d7e3f82c37
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-02-09 03:45:58 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-02-09 03:54:09 +0000

    sys-apps/less: patch CVE-2022-46663

    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/less/files/less-608-CVE-2022-46663.patch | 22 +++++++++
 sys-apps/less/less-608-r2.ebuild                  | 60 +++++++++++++++++++++++
 2 files changed, 82 insertions(+)

Ping. Please clean up vulnerable less-608-r1.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e4a47f747e38bf26733ce68c8e1a738f3e70725d

commit e4a47f747e38bf26733ce68c8e1a738f3e70725d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-10 06:27:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-10 06:28:14 +0000

    [ GLSA 202310-11 ] less: Denial of service

    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202310-11.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3e209c807879be3c67e1ce65900e88234a03d95

commit f3e209c807879be3c67e1ce65900e88234a03d95
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-10-10 06:29:17 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-10-10 06:29:59 +0000

    sys-apps/less: drop 608-r1

    Bug: https://bugs.gentoo.org/893530
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-apps/less/less-608-r1.ebuild | 58 ----------------------------------------
 1 file changed, 58 deletions(-)

All done.