Ubuntu Security Notice 7064-1 - It was discovered that nano allowed a possible privilege escalation through an insecure temporary file. If nano was killed while editing, the permissions granted to the emergency save file could be used by an attacker to escalate privileges using a malicious symlink.
8cef91180f8ac7204987a76b3681a3cabb8818b1d82bf8e731ed5840a1270bac==========================================================================
Ubuntu Security Notice USN-7064-1
October 15, 2024
nano vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
nano could be made to give users administrator privileges.
Software Description:
- nano: small, friendly text editor inspired by Pico
Details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
nano 7.2-2ubuntu0.1
Ubuntu 22.04 LTS
nano 6.2-1ubuntu0.1
Ubuntu 20.04 LTS
nano 4.8-1ubuntu1.1
Ubuntu 18.04 LTS
nano 2.9.3-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
nano 2.5.3-2ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7064-1
CVE-2024-5742
Package Information:
https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/4.8-1ubuntu1.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed