<?xml version="1.0" encoding="utf-8"?>
<glsa id="201006-08">
<title>nano: Multiple vulnerabilities</title>
Race conditions when editing files could lead to symlink attacks or changes
to the ownership of important files.
<product type="ebuild">nano</product>
<announced>June 01, 2010</announced>
<revised>June 01, 2010: 01</revised>
<package name="app-editors/nano" auto="yes" arch="*">
<unaffected range="ge">2.2.4</unaffected>
<vulnerable range="lt">2.2.4</vulnerable>
nano is a GNU GPL'd Pico clone with more functionality.
Multiple race condition vulnerabilities have been discovered in nano.
For further information please consult the CVE entries referenced
<impact type="normal">
Under certain conditions, a local, user-assisted attacker could
possibly overwrite arbitrary files via a symlink attack on an
attacker-owned file that is being edited by the victim, or change the
ownership of arbitrary files.
There is no known workaround at this time.
All nano users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-editors/nano-2.2.4&quot;</code>
<uri link="">CVE-2010-1160</uri>
<uri link="">CVE-2010-1161</uri>
<metadata tag="requester" timestamp="Fri, 30 Apr 2010 14:22:38 +0000">
<metadata tag="submitter" timestamp="Thu, 27 May 2010 14:24:42 +0000">
<metadata tag="bugReady" timestamp="Thu, 27 May 2010 17:43:51 +0000">