From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Mon, 9 Oct 2017 18:53:29 +0100 Subject: reinit the tree, so we can have metadata --- metadata/glsa/glsa-201006-08.xml | 66 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 metadata/glsa/glsa-201006-08.xml (limited to 'metadata/glsa/glsa-201006-08.xml') diff --git a/metadata/glsa/glsa-201006-08.xml b/metadata/glsa/glsa-201006-08.xml new file mode 100644 index 000000000000..b4d7ac6a975a --- /dev/null +++ b/metadata/glsa/glsa-201006-08.xml @@ -0,0 +1,66 @@ + + + + nano: Multiple vulnerabilities + + Race conditions when editing files could lead to symlink attacks or changes + of ownerships of important files. + + nano + 2010-06-01 + 2010-06-01: 01 + 315355 + local + + + 2.2.4 + 2.2.4 + + + +

+ nano is a GNU GPL'd Pico clone with more functionality. +

+ + +

+ Multiple race condition vulnerabilities have been discovered in nano. + For further information please consult the CVE entries referenced + below. +

+ + +

+ Under certain conditions, a local, user-assisted attacker could + possibly overwrite arbitrary files via a symlink attack on an + attacker-owned file that is being edited by the victim, or change the + ownership of arbitrary files. +

+ + +

+ There is no known workaround at this time. +

+ + +

+ All nano users should upgrade to the latest version: +

+ + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-editors/nano-2.2.4" + + + CVE-2010-1160 + CVE-2010-1161 + + + chiiph + + + keytoaster + + + vorlon + + -- cgit v1.2.3