nano: Multiple vulnerabilities

2010-06-01T00:00:00
ID GLSA-201006-08
Type gentoo
Reporter Gentoo Foundation
Modified 2010-06-01T00:00:00

Description

Background

nano is a GNU GPL'd Pico clone with more functionality.

Description

Multiple race condition vulnerabilities have been discovered in nano. For further information please consult the CVE entries referenced below.

Impact

Under certain conditions, a local, user-assisted attacker could possibly overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim, or change the ownership of arbitrary files.

Workaround

There is no known workaround at this time.

Resolution

All nano users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4"