DescriptionGNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 15.0|| ||Patchnames: |
openSUSE Leap 15.0 GA nano-2.9.6-lp150.1.1
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA nano-2.7.1-1.1