openSUSE-SU-2024:0157-1

Опубликовано: 11 июн. 2024

Источник: suse-cvrf

Описание

Security update for nano

This update for nano fixes the following issues:

CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099)

Список пакетов

SUSE Package Hub 15 SP5

nano-7.2-bp156.3.3.1

nano-lang-7.2-bp156.3.3.1

SUSE Package Hub 15 SP6

nano-7.2-bp156.3.3.1

nano-lang-7.2-bp156.3.3.1

openSUSE Leap 15.5

nano-7.2-bp156.3.3.1

nano-lang-7.2-bp156.3.3.1

openSUSE Leap 15.6

nano-7.2-bp156.3.3.1

nano-lang-7.2-bp156.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VCJGQ6SCOSZGXAPYA7GYUT3M6ZPBLO5V/
E-Mail link for openSUSE-SU-2024:0157-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1226099
SUSE Bug 1226099
https://www.suse.com/security/cve/CVE-2024-5742/
SUSE CVE CVE-2024-5742 page

Описание

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink.

Затронутые продукты

SUSE Package Hub 15 SP5:nano-7.2-bp156.3.3.1

SUSE Package Hub 15 SP5:nano-lang-7.2-bp156.3.3.1

SUSE Package Hub 15 SP6:nano-7.2-bp156.3.3.1

SUSE Package Hub 15 SP6:nano-lang-7.2-bp156.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-5742.html
CVE-2024-5742
https://bugzilla.suse.com/1226099
SUSE Bug 1226099

openSUSE-SU-2024:0157-1

Описание

Список пакетов

SUSE Package Hub 15 SP5

SUSE Package Hub 15 SP6

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-5742

Описание

Затронутые продукты

Ссылки