Release date:
2026-05-18 16:46:08 UTC
Description:
- CVE-2024-5742: emergency_save() applied chmod/chown to a path after
the descriptor was closed, allowing a symlink swap to redirect the
ownership change to an attacker-controlled file
- Backport of upstream commit 5e7a3c2e from nano v8.0, adapted to the
5.6.1 codebase (write_file signature predates the SPECIAL/NONOTES
refactor)
Updated packages:
-
nano-5.6.1-5.el9.tuxcare.els1.x86_64.rpm
sha:cd1761f315df60dc65f69124f221e92bd36bdf95edc4fc113a1e17b601e25111
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
