Advisories » MGASA-2024-0223

Updated nano packages fix security vulnerability

Publication date: 15 Jun 2024
Modification date: 15 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5742

Description

A vulnerability was found in GNU Nano that allows a possible privilege
escalation through an insecure temporary file. If Nano is killed while
editing, a file it saves to an emergency file with the permissions of
the running user provides a window of opportunity for attackers to
escalate privileges through a malicious symlink. (CVE-2024-5742)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33297
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCJGQ6SCOSZGXAPYA7GYUT3M6ZPBLO5V/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5742

SRPMS

9/core

• nano-7.2-1.1.mga9