UbuntuUpdates.org

Package "nano"

Name: nano

Description:

small, friendly text editor inspired by Pico

Latest version: 4.8-1ubuntu1.1
Release: focal (20.04)
Level: security
Repository: main
Homepage: https://www.nano-editor.org/

Links


Download "nano"


Other versions of "nano" in Focal

Repository Area Version
base main 4.8-1ubuntu1
security universe 4.8-1ubuntu1.1
updates main 4.8-1ubuntu1.1
updates universe 4.8-1ubuntu1.1

Changelog

Version: 4.8-1ubuntu1.1 2024-10-15 15:08:32 UTC

  nano (4.8-1ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Emergency file could be replaced by a malicious symlink.
    - debian/patches/CVE-2024-5742.patch: Use fchmod and fchown in write_file()
      in src/files.c instead of using chmod and chown in emergency_save() in
      src/nano.c. Add EMERGENCY write type in kind_of_writing_type enum in
      src/nano.h. Update fd in write_file() in src/files.c. Based on upstream.
    - CVE-2024-5742

 -- Hlib Korzhynskyy <email address hidden> Wed, 09 Oct 2024 17:50:23 -0230

CVE-2024-5742 A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing



About   -   Send Feedback to @ubuntu_updates