Pardus alert 2010-58 (nano)
| From: | Eren Turkay <eren@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2010-58] Nano: Multiple Vulnerabilities | |
| Date: | Tue, 27 Apr 2010 14:31:30 +0300 (EEST) | |
| Message-ID: | <20100427113130.DBB84A7AB31@lider.pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2010-58 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2010-04-27 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= Multiple vulnerabilities have been fixed in nano. Description =========== CVE-2010-1160: GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim. CVE-2010-1161: Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files. Affected packages: Pardus 2009: nano, all before 2.2.4-21-10 Resolution ========== There are update(s) for nano. You can update them via Package Manager or with a single command from console: pisi up nano References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=12694 ------------------------------------------------------------------------ _______________________________________________ Pardus-security mailing list Pardus-security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security