{"id":"USN-7064-2","summary":"nano vulnerability","details":"USN-7064-1 fixed a vulnerability in nano. This update provides the\ncorresponding update for Ubuntu 14.04 LTS.\n\nOriginal advisory details:\n\n It was discovered that nano allowed a possible privilege escalation\n through an insecure temporary file. If nano was killed while editing, the\n permissions granted to the emergency save file could be used by an\n attacker to escalate privileges using a malicious symlink.\n","modified":"2026-02-10T04:45:28Z","published":"2024-10-29T11:15:20Z","related":["UBUNTU-CVE-2024-5742"],"upstream":["CVE-2024-5742","UBUNTU-CVE-2024-5742"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7064-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-5742"}],"affected":[{"package":{"name":"nano","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/nano@2.2.6-1ubuntu1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.6-1ubuntu1+esm1"}]}],"versions":["2.2.6-1ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"2.2.6-1ubuntu1+esm1","binary_name":"nano"},{"binary_version":"2.2.6-1ubuntu1+esm1","binary_name":"nano-tiny"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7064-2.json","cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}],"id":"CVE-2024-5742"}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}}],"schema_version":"1.7.3"}