Amazon Linux 2023 Security Advisory: ALAS-2024-652
Advisory Release Date: 2024-07-18 01:24 Pacific
Advisory Updated Date: 2024-07-22 16:00 Pacific
Severity:
Medium
Issue Overview:
nano: running `chmod` and `chown` on the filename allows malicious user to replace the emergency file with a malicious symlink to a root-owned file (CVE-2024-5742)
Affected Packages:
nano
Issue Correction:
Run dnf update nano --releasever 2023.5.20240722 to update your system.
New Packages:
aarch64:
nano-debugsource-5.8-3.amzn2023.0.4.aarch64
nano-debuginfo-5.8-3.amzn2023.0.4.aarch64
nano-5.8-3.amzn2023.0.4.aarch64
noarch:
default-editor-5.8-3.amzn2023.0.4.noarch
nano-default-editor-5.8-3.amzn2023.0.4.noarch
src:
nano-5.8-3.amzn2023.0.4.src
x86_64:
nano-debugsource-5.8-3.amzn2023.0.4.x86_64
nano-debuginfo-5.8-3.amzn2023.0.4.x86_64
nano-5.8-3.amzn2023.0.4.x86_64