Advisories » MGASA-2026-0121

Updated nano packages fix security vulnerabilities

Publication date: 07 May 2026
Modification date: 07 May 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-6842 , CVE-2026-6843

Description

Local attacker can inject malicious .desktop launcher due to insecure
directory permissions. (CVE-2026-6842)
Format string vulnerability leads to denial of service. (CVE-2026-6843)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=35466
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLLMINU5CKQDNMS5OT7OKS5V6YQFIJUC/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6842
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6843

SRPMS

9/core

• nano-7.2-1.2.mga9