Tuesday, October 15, 2024

[USN-7064-1] nano vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmcOoNMFAwAAAAAACgkQyfW2m9Ldu6td
Rg//XQfPZAvC5rTPJM9bqUHS3eUx1pte4koX7s3tqh6+YPMVUtzcIxGdpdxfukctZOsy8Zoa4a9H
g7w88zHNNpfxRz9fr7FQxVbxgmeazyi/cgsTKoX1sA8VpbL0PUZUqSVnYZqi6ssblb5nMFiw4fpv
FgOKG4Nnnyf8reHCEfOruVzgPsx+0BH0lPc3bf7OhEVRZ5VsoA9XGWsYnOvpFciiAtD3uIVbwF7n
xN5rHsjUFHpzvj4zSqF5vadkm12WA3DvEJaKVwVJgqotvWugQQYsMIaan9KqGbQqeqJcSCGCWui6
Y+5Iw3wJePOPeO63KHetVXLk2wqxuCJcN1O/Wc5kqMbDJFd6SFEcaMcD6RIqHbp75Dv0cClV2+JA
YkObQ11kojCf4XR1lXQpLhd0G4Y0rMJPJXD1MFfrUXLpuOwHK37wSLf1Hfvk0sWTvibBn0WazNZ8
wHttGT0gOUhrjlnillMKk0T1ghDYsDZhGBsz1FJWeUH/wRVDBDZYVDDa9YWTImYAZ1oG4iv+AxiA
HP42V6ODYm/zXcoQQnJZeHs0i/01weAZ88I6axWn86LXoydAK4tKqaVNChL3z//LV8GCt+C6QGRi
njw0vCxPMy0BvzmyzGaycaYlUEord7LaGKD5fPK5IqOKNV7P/yXnOu3ZhRuOOKIVXbHpVK6vqVPA
E3g=
=ZSiA
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7064-1
October 15, 2024

nano vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

nano could be made to give users administrator privileges.

Software Description:
- nano: small, friendly text editor inspired by Pico

Details:

It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  nano                            7.2-2ubuntu0.1

Ubuntu 22.04 LTS
  nano                            6.2-1ubuntu0.1

Ubuntu 20.04 LTS
  nano                            4.8-1ubuntu1.1

Ubuntu 18.04 LTS
  nano                            2.9.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  nano                            2.5.3-2ubuntu2+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7064-1
  CVE-2024-5742

Package Information:
  https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/nano/4.8-1ubuntu1.1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)