nano-2.9.8-3.el8_10

Errata ID: AXSA:2024-8840:01

Release date: Thursday, September 26, 2024 - 15:02
Subject: nano-2.9.8-3.el8_10
Affected Channels: Asianux Server 8 for x86_64
Severity: Low
Description: 

GNU nano is a small and friendly text editor.

Security Fix(es):

* nano: running `chmod` and `chown` on the filename allows a malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-5742
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the buffer to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
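
The class of bug described above (mode and ownership applied by filename after the file is written) is avoided by applying them through the open descriptor. The following is an added illustration, not nano's code or the packaged patch; `save_emergency`, `demo_planted_symlink`, the `/tmp/emerg-demo-*` directory and the `notes.txt.save` name are hypothetical and constructed for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: write an emergency copy of a buffer. Mode and owner
 * are set through the open descriptor, so the name is resolved only once. */
int save_emergency(const char *path, const char *buf, size_t len, mode_t mode)
{
    /* O_EXCL fails if anything, even a dangling symlink, already sits at
     * path; O_NOFOLLOW refuses a symlink in the final component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int rc = 0;
    if (write(fd, buf, len) != (ssize_t)len) rc = -1;
    /* Path-based chmod(path)/chown(path) here would re-resolve the name and
     * follow a symlink swapped in after open(); the f* calls cannot. */
    if (rc == 0 && fchmod(fd, mode) != 0) rc = -1;
    if (rc == 0 && fchown(fd, getuid(), getgid()) != 0) rc = -1;
    if (close(fd) != 0) rc = -1;
    return rc;
}

/* Constructed scenario: a symlink to another file is planted at the
 * emergency-file name. Returns 1 if the save is refused and the link target
 * keeps its mode and (empty) content, 0 otherwise, -1 on setup error. */
int demo_planted_symlink(void)
{
    char dir[] = "/tmp/emerg-demo-XXXXXX", target[64], save[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(save, sizeof save, "%s/notes.txt.save", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || close(fd) != 0 || symlink(target, save) != 0) return -1;
    int rc = save_emergency(save, "unsaved text\n", 13, 0644);
    int ok = rc == -1 && stat(target, &st) == 0
             && (st.st_mode & 0777) == 0600 && st.st_size == 0;
    unlink(save); unlink(target); rmdir(dir);
    return ok;
}
```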

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nano-2.9.8-3.el8_10.src.rpm
    MD5: bdebcaca3f566fa071482927da0e4790
    SHA-256: b8eed4e1bd72ffdb91f113ce192e726d97eded767e66812e6afacdc2f747d799
    Size: 2.79 MB

Asianux Server 8 for x86_64
  1. nano-2.9.8-3.el8_10.x86_64.rpm
    MD5: 5d365f68508c9d9c1dce1b750ddb5047
    SHA-256: 15067efad3d64ed1d2bca3030cfa490c03b7ae0c81170bd3319983e199102ee5
    Size: 579.62 kB