[Apollo] Advisories Statistics light light Login

RLSA-2024:6986

Security Mirrored from RHSA-2024:6986
Issued at: 2024-09-30
Updated at: 2024-09-30

Synopsis

Low: nano security update



Description

GNU nano is a small and friendly text editor.

Security Fix(es):

* nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2278574

CVEs

CVE-2024-5742

Affected packages

Rocky Linux 8 aarch64 - BaseOS

nano-0:2.9.8-3.el8_10.aarch64.rpm nano-0:2.9.8-3.el8_10.src.rpm nano-debuginfo-0:2.9.8-3.el8_10.aarch64.rpm nano-debugsource-0:2.9.8-3.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - BaseOS

nano-0:2.9.8-3.el8_10.src.rpm nano-0:2.9.8-3.el8_10.x86_64.rpm nano-debuginfo-0:2.9.8-3.el8_10.x86_64.rpm nano-debugsource-0:2.9.8-3.el8_10.x86_64.rpm