Mageia 2024-0223: nano Security Advisory Updates
Summary
A vulnerability was found in GNU Nano that allows a possible privilege
escalation through an insecure temporary file. If Nano is killed while
editing, a file it saves to an emergency file with the permissions of
the running user provides a window of opportunity for attackers to
escalate privileges through a malicious symlink. (CVE-2024-5742)
References
- https://bugs.mageia.org/show_bug.cgi?id=33297
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCJGQ6SCOSZGXAPYA7GYUT3M6ZPBLO5V/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5742
Resolution
MGASA-2024-0223 - Updated nano packages fix security vulnerability
SRPMS
- 9/core/nano-7.2-1.1.mga9