Debian 2.2 DSA-004-1 Critical: Nano Symlink Attack Mitigation
debian
December 16, 2000
When nano (a free pico clone) unexpectedly diesit tries a warning message to a new file with a predictable name.
Topics Covered
Summary
Package : nano
Problem type : symlink attack
Debian-specific: no
The problem that was previously reported for joe also occurs with
other editors. When nano (a free pico clone) unexpectedly dies
it tries a warning message to a new file with a predictable name
(the name of the file being edited with ".save" appended). Unfortunately
that file was not created safely which made nano vulnerable to a
symlink attack.
This has been fixed in version 0.9.23-1 (except for powerpc, which has
version 0.9.23-1.1).
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: 5c878e43e5161ee25043f60886c88b03
MD5 checksum: 85879b609fbcd5b091e686d16e75865b
MD5 checksum: 56bdf48e0d56b83ca669ec813cc0d466
Alpha architecture:
MD5 checksum: f7bba57357225edc934d5adb1ef2259e
MD5 checks...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!