{"schema_version":"1.7.2","id":"OESA-2026-2160","modified":"2026-05-03T09:56:46Z","published":"2026-05-03T09:56:46Z","upstream":["CVE-2026-6842","CVE-2026-6843"],"summary":"nano security update","details":"Nano is a tiny GNU editor\r\n\r\nSecurity Fix(es):\n\nA flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows the attacker to inject a malicious `.desktop` launcher, which could lead to unintended actions or information disclosure if the launcher is subsequently processed.(CVE-2026-6842)\n\nA flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application attempts to display this name, leading to a segmentation fault (SEGV). This results in a Denial of Service (DoS) for the `nano` application.(CVE-2026-6843)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"nano","purl":"pkg:rpm/openEuler/nano&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0-2.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["nano-8.0-2.oe2003sp4.aarch64.rpm","nano-debuginfo-8.0-2.oe2003sp4.aarch64.rpm","nano-debugsource-8.0-2.oe2003sp4.aarch64.rpm"],"noarch":["nano-help-8.0-2.oe2003sp4.noarch.rpm"],"src":["nano-8.0-2.oe2003sp4.src.rpm"],"x86_64":["nano-8.0-2.oe2003sp4.x86_64.rpm","nano-debuginfo-8.0-2.oe2003sp4.x86_64.rpm","nano-debugsource-8.0-2.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"nano","purl":"pkg:rpm/openEuler/nano&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0-2.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["nano-8.0-2.oe2203sp4.aarch64.rpm","nano-debuginfo-8.0-2.oe2203sp4.aarch64.rpm","nano-debugsource-8.0-2.oe2203sp4.aarch64.rpm"],"noarch":["nano-help-8.0-2.oe2203sp4.noarch.rpm"],"src":["nano-8.0-2.oe2203sp4.src.rpm"],"x86_64":["nano-8.0-2.oe2203sp4.x86_64.rpm","nano-debuginfo-8.0-2.oe2203sp4.x86_64.rpm","nano-debugsource-8.0-2.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"nano","purl":"pkg:rpm/openEuler/nano&distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.7.1-2.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["nano-8.0-2.oe2403.aarch64.rpm","nano-debuginfo-8.0-2.oe2403.aarch64.rpm","nano-debugsource-8.0-2.oe2403.aarch64.rpm","nano-8.0-2.oe2403sp1.aarch64.rpm","nano-debuginfo-8.0-2.oe2403sp1.aarch64.rpm","nano-debugsource-8.0-2.oe2403sp1.aarch64.rpm","nano-8.7.1-2.oe2403sp3.aarch64.rpm","nano-debuginfo-8.7.1-2.oe2403sp3.aarch64.rpm","nano-debugsource-8.7.1-2.oe2403sp3.aarch64.rpm"],"noarch":["nano-help-8.0-2.oe2403.noarch.rpm","nano-help-8.0-2.oe2403sp1.noarch.rpm","nano-help-8.7.1-2.oe2403sp3.noarch.rpm"],"src":["nano-8.0-2.oe2403.src.rpm","nano-8.0-2.oe2403sp1.src.rpm","nano-8.7.1-2.oe2403sp3.src.rpm"],"x86_64":["nano-8.0-2.oe2403.x86_64.rpm","nano-debuginfo-8.0-2.oe2403.x86_64.rpm","nano-debugsource-8.0-2.oe2403.x86_64.rpm","nano-8.0-2.oe2403sp1.x86_64.rpm","nano-debuginfo-8.0-2.oe2403sp1.x86_64.rpm","nano-debugsource-8.0-2.oe2403sp1.x86_64.rpm","nano-8.7.1-2.oe2403sp3.x86_64.rpm","nano-debuginfo-8.7.1-2.oe2403sp3.x86_64.rpm","nano-debugsource-8.7.1-2.oe2403sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP1","name":"nano","purl":"pkg:rpm/openEuler/nano&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0-2.oe2403sp1"}]}],"ecosystem_specific":{"aarch64":["nano-8.0-2.oe2403sp1.aarch64.rpm","nano-debuginfo-8.0-2.oe2403sp1.aarch64.rpm","nano-debugsource-8.0-2.oe2403sp1.aarch64.rpm"],"noarch":["nano-help-8.0-2.oe2403sp1.noarch.rpm"],"src":["nano-8.0-2.oe2403sp1.src.rpm"],"x86_64":["nano-8.0-2.oe2403sp1.x86_64.rpm","nano-debuginfo-8.0-2.oe2403sp1.x86_64.rpm","nano-debugsource-8.0-2.oe2403sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"nano","purl":"pkg:rpm/openEuler/nano&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.7.1-2.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["nano-8.7.1-2.oe2403sp3.aarch64.rpm","nano-debuginfo-8.7.1-2.oe2403sp3.aarch64.rpm","nano-debugsource-8.7.1-2.oe2403sp3.aarch64.rpm"],"noarch":["nano-help-8.7.1-2.oe2403sp3.noarch.rpm"],"src":["nano-8.7.1-2.oe2403sp3.src.rpm"],"x86_64":["nano-8.7.1-2.oe2403sp3.x86_64.rpm","nano-debuginfo-8.7.1-2.oe2403sp3.x86_64.rpm","nano-debugsource-8.7.1-2.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2160"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6842"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-6843"}],"database_specific":{"severity":"Medium"}}