Home / mailingsPDF  

[USN-8386-1] Nano vulnerabilities

Posted on 05 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8386-1
June 04, 2026

nano vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Nano.

Software Description:
- nano: GNU nano editor

Details:

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created
the ~/.local directory with incorrect permissions. In environments with
permissive umask settings, a local attacker could possibly use this
issue to inject a malicious launcher file, resulting in information
disclosure or other unintended actions. (CVE-2026-6842)

Michał Majchrowicz and Marcin Wyczechowski discovered that Nano
incorrectly handled directory names when updating the status line. A
local attacker could possibly use this issue to cause Nano to crash,
resulting in a denial of service. This issue only affected Ubuntu 22.04
LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS.
(CVE-2026-6843)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
nano 8.7.1-1ubuntu0.1
nano-tiny 8.7.1-1ubuntu0.1

Ubuntu 25.10
nano 8.4-1ubuntu0.1
nano-tiny 8.4-1ubuntu0.1

Ubuntu 24.04 LTS
nano 7.2-2ubuntu0.2
nano-tiny 7.2-2ubuntu0.2

Ubuntu 22.04 LTS
nano 6.2-1ubuntu0.2
nano-tiny 6.2-1ubuntu0.2

Ubuntu 20.04 LTS
nano 4.8-1ubuntu1.1+esm1
Available with Ubuntu Pro
nano-tiny 4.8-1ubuntu1.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
nano 2.9.3-2ubuntu0.1~esm2
Available with Ubuntu Pro
nano-tiny 2.9.3-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8386-1
CVE-2026-6842, CVE-2026-6843

Package Information:
https://launchpad.net/ubuntu/+source/nano/8.7.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/8.4-1ubuntu0.1
https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.2

--===============7013962588922853258==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :