SUSE Package Hub - openSUSE-2024-157

Update Info

openSUSE-2024-157

Security update for nano

Type: security

Severity: important

Issued: 2024-06-11

Description:

This update for nano fixes the following issues:

- CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099)

References

CVE: CVE-2024-5742
Bugzilla: 1226099 VUL-0: CVE-2024-5742: nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file

Packages

nano-7.2-bp156.3.3.1