USN-7064-1: nano vulnerability
15 October 2024
nano could be made to give users administrator privileges.
Releases
Packages
- nano - small, friendly text editor inspired by Pico
Details
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
-
nano
-
2.9.3-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
nano
-
2.5.3-2ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7064-2: nano-tiny, nano