Bug 33297 - nano new security issue CVE-2024-5742
Summary: nano new security issue CVE-2024-5742
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-06-12 15:25 CEST by Nicolas Salguero
Modified: 2024-06-16 01:08 CEST (History)
4 users (show)

See Also:
Source RPM: nano-7.2-1.mga9.src.rpm
CVE: CVE-2024-5742
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-06-12 15:25:59 CEST 
openSUSE has issued an advisory on June 12:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCJGQ6SCOSZGXAPYA7GYUT3M6ZPBLO5V/

The problem is fixed in version 8.0 or with the following commit:
https://git.savannah.gnu.org/cgit/nano.git/commit/?id=5e7a3c2e7e118c7f12d5dfda9f9140f638976aa2

Mageia 9 is also affected.
Nicolas Salguero 2024-06-12 15:26:37 CEST

Source RPM: (none) => nano-7.2-2.mga10.src.rpm
Status comment: (none) => Fixed upstream in 8.0 and patch available from openSUSE and upstream
Whiteboard: (none) => MGA9TOO
CVE: (none) => CVE-2024-5742

Comment 1 Nicolas Salguero 2024-06-13 14:07:20 CEST 
Suggested advisory:
========================

The updated package fixes a security vulnerability:

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. (CVE-2024-5742)

References:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/VCJGQ6SCOSZGXAPYA7GYUT3M6ZPBLO5V/
========================

Updated package in core/updates_testing:
========================
nano-7.2-1.1.mga9

from SRPM:
nano-7.2-1.1.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs
Status comment: Fixed upstream in 8.0 and patch available from openSUSE and upstream => (none)
Status: NEW => ASSIGNED
Source RPM: nano-7.2-2.mga10.src.rpm => nano-7.2-1.mga9.src.rpm

katnatek 2024-06-13 19:37:14 CEST

Keywords: (none) => advisory

Comment 2 Morgan Leijström 2024-06-14 15:27:45 CEST 
mga9-64 OK running in Plasma X11 Konsole
created file, saved, restart, open edit, etc.

CC: (none) => fri

Comment 3 katnatek 2024-06-14 21:23:34 CEST 
Not like that I try to reproduce the fail with current version but killing nano not produce the emergency file

The application update without issue And works

CC: (none) => andrewsfarm

Comment 4 Herman Viaene 2024-06-15 12:27:43 CEST 
MGA9-64 Plasma Wayland on HP-Pavillion
No installation issues.
Tried to use it, found it even clumsier than vi. Anyway, did some operations on a text file, found rather accidentally that mouse operation could be set-reset.
Probably due to this being a slow machine, closing nano left the mouse cursor with the icon to resize a window wherever I moved it. After a while, it returned to normal operation.
In view of other tests above, good to go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

Comment 5 Thomas Andrews 2024-06-15 14:13:33 CEST 
Validating.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Mageia Robot 2024-06-16 01:08:42 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0223.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.