When editing a file owned by another user, the owner of the file may
replace the file mid-editing with a symbolic link, resulting in the
editor overwriting the target of the symbolic link on saving with the
privileges of the user doing the editing, without any warning to the
When backup files are enabled and root is editing a file by an
untrusted user, that user may exploit race conditions in the creation of
backup files to take ownership of arbitrary files.
Relevant changelog entries at revisions 4490, 4491, 4493, and 4496.
it's in the tree now
GNU nano before 2.2.4 does not verify whether a file has been changed
before it is overwritten in a file-save operation, which allows local
user-assisted attackers to overwrite arbitrary files via a symlink
attack on an attacker-owned file that is being edited by the victim.
Race condition in GNU nano before 2.2.4, when run by root to edit a
file that is not owned by root, allows local user-assisted attackers
to change the ownership of arbitrary files via vectors related to the
creation of backup files.
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Tested on x86: Everything fine
stable x86, thanks Thomas
Stable for HPPA.
ppc64 done too
All arches done. GLSA request filled.
Can I ask what's with that glsa ?
(In reply to comment #12)
> Can I ask what's with that glsa ?
We have a huge backlog and it will take some time.