Tuesday, October 29, 2024

[USN-7064-2] nano vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELOLXZEFYQHcSWEHiyfW2m9Ldu6sFAmcg4d8FAwAAAAAACgkQyfW2m9Ldu6u0
hg/8CU7ZGjdCoc0XJY7xXZe1pkiSCcaIsSJnx4bzVvqNAavNeS5Iru5FrUVMtEYKey7bfyQR7PzP
BPM0ELSKQR//8CYuak0qfAnf1dUOVXc8rilhVoKsd3SHspB0wNfg0ycvHo7f+aIZFbbWoc9a7Bjz
OPPUG3987MQXTnThgfaGhK5EAGoMLgYIjWPYLlFrR/2AihgeT3uoiSkPKO/oG0MDeLuDEhdrdxR3
e7zjWRQDxsV7Jh0E9xpxLMU6wlniCkPkrPUWBJT6vb1v6IfwofEMKuVepAvpiZXxk2o68bxL2g4+
rivdBbIh92mZescpP5/cWMLoTdBl8StAxTdGt8hUGoTWCn5++MMb+KhFktlCGX07mTxaqNufdJoj
fNcBDp+1PaNSgAqS1HsmXL5/y9fBSsU1xkm9ELkip/M13KckzB1UTyomfm9KmxF0Ta/glmGEeRGh
AAIvYvOFhi4xQ79D2oa6gdSmIhoLDA7AlXE75TISgPcusukC3L0L5F70W/Bf8d+S218wVnWbEM2X
LgYXgGQYaE6XArR/wvg+RtSm81HVSQiEwerJ9HaukbeXJAPv48QLa70f/OLybTjjCU0VLbqu8NIq
WPJc2LNzusyq1COrxx2uNqjMiCzJIxniVbLThitCbYD97NnRMD8rcJi+HY0X8WE7Z5MKz+LPdy6d
UbA=
=TM0m
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7064-2
October 29, 2024

nano vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

nano could be made to give users administrator privileges.

Software Description:
- nano: small, friendly text editor inspired by Pico

Details:

USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.

Original advisory details:

It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
nano 2.2.6-1ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7064-2
https://ubuntu.com/security/notices/USN-7064-1
CVE-2024-5742

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)