nano-5.6.1-6.el9

Errata ID: AXSA:2024-9155:02

Release date: Wednesday, December 11, 2024 - 21:41
Subject: nano-5.6.1-6.el9
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: Low
Description: 

GNU nano is a small and friendly text editor.

Security Fix(es):

* nano: running `chmod` and `chown` on the filename allows a malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2024-5742
A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, it saves the buffer to an emergency file with the permissions of the running user, which provides a window of opportunity for attackers to escalate privileges through a malicious symlink.
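
The filename-versus-descriptor distinction in the fix title above, shown as an added example that is not nano's source code: the file is created exclusively and its owner and mode are set through the open descriptor, so a symlink placed at the name cannot redirect the change. The function name `save_emergency` and the file name `example.save` are hypothetical.

```c
/* Added example, not nano's source. Names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Write `len` bytes to a new emergency file at `path`, then give it the
 * edited file's owner and mode. Returns 0 on success, -1 on any failure. */
int save_emergency(const char *path, const char *data, size_t len,
                   mode_t mode, uid_t uid, gid_t gid)
{
    /* O_EXCL fails if anything, a symlink included, already exists at
     * `path`; O_NOFOLLOW refuses a symlink as the final component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;

    int rc = 0;
    for (size_t off = 0; off < len; ) {
        ssize_t n = write(fd, data + off, len - off);
        if (n <= 0) { rc = -1; break; }
        off += (size_t)n;
    }

    /* Pattern named in the advisory title (do not use):
     *     chmod(path, mode); chown(path, uid, gid);
     * Each call resolves `path` again, so the change lands on whatever
     * the name refers to at that moment.
     * The descriptor calls below act on the file opened above. */
    if (rc == 0 && fchown(fd, uid, gid) != 0)
        rc = -1;
    if (rc == 0 && fchmod(fd, mode & 07777) != 0)
        rc = -1;
    if (close(fd) != 0)
        rc = -1;
    return rc;
}

int main(void)
{
    const char *path = "example.save";   /* hypothetical name */
    int rc = save_emergency(path, "buffer\n", 7, 0640, geteuid(), getegid());
    printf("%s: %s\n", path, rc == 0 ? "written" : "refused");
    return rc == 0 ? 0 : 1;
}
```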

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nano-5.6.1-6.el9.src.rpm
    MD5: 18127fc360c5a30071425b30aebd2e35
    SHA-256: 4fa0333d6b7e850b684417a901c210240f9c7f922a7137e3518a708a846c3b81
    Size: 1.38 MB

Asianux Server 9 for x86_64
  1. nano-5.6.1-6.el9.x86_64.rpm
    MD5: 9ac5db7ffa140ff94ce94ba2f9cd1341
    SHA-256: d060ae207c9f651980d9bee603f520585dd136743573e5369dba002c7f2807c7
    Size: 713.71 kB