Updated nano packages fix security vulnerability
Publication date: 15 Jun 2024Modification date: 15 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-5742
Description
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. (CVE-2024-5742)
References
SRPMS
9/core
- nano-7.2-1.1.mga9