GLSA-201006-08 : nano: Multiple vulnerabilities
Low Nessus Plugin ID 46775
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201006-08 (nano: Multiple vulnerabilities)
Multiple race condition vulnerabilities have been discovered in nano.
For further information please consult the CVE entries referenced below.
Under certain conditions, a local, user-assisted attacker could possibly overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim, or change the ownership of arbitrary files.
There is no known workaround at this time.
SolutionAll nano users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-editors/nano-2.2.4'