[USN-7064-2] nano vulnerability
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Tue Oct 29 13:23:43 UTC 2024
==========================================================================
Ubuntu Security Notice USN-7064-2
October 29, 2024
nano vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
nano could be made to give users administrator privileges.
Software Description:
- nano: small, friendly text editor inspired by Pico
Details:
USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
nano 2.2.6-1ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7064-2
https://ubuntu.com/security/notices/USN-7064-1
CVE-2024-5742
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20241029/9a1237f5/attachment.sig>
More information about the ubuntu-security-announce
mailing list