Nano vulnerabilities
Published: Thu, 04 Jun 2026 17:00
Summary
Several security issues were fixed in Nano.
Details
Michał Majchrowicz and Marcin Wyczechowski discovered that Nano created the ~/.local directory with incorrect permissions. In environments with permissive umask settings, a local attacker could possibly use this issue to inject a malicious launcher file, resulting in information disclosure or other unintended actions. (CVE-2026-6842) Michał Majchrowicz and Marcin Wyczechowski discovered that Nano incorrectly handled directory names when updating the status line. A local attacker could possibly use this issue to cause Nano to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6843)
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu bionic
nano→2.9.3-2ubuntu0.1~esm2apt_upgrade_esmFixed at 2.9.3-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y nano=2.9.3-2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
nano→2.9.3-2ubuntu0.1~esm2apt_upgrade_esmFixed at 2.9.3-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y nano=2.9.3-2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
nano-tiny→2.9.3-2ubuntu0.1~esm2apt_upgrade_esmFixed at 2.9.3-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token> sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny=2.9.3-2ubuntu0.1~esm2
Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu focal
nano→4.8-1ubuntu1.1+esm1apt_upgradeStandard apt upgrade. Install 4.8-1ubuntu1.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano→4.8-1ubuntu1.1+esm1apt_upgradeStandard apt upgrade. Install 4.8-1ubuntu1.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano-tiny→4.8-1ubuntu1.1+esm1apt_upgradeStandard apt upgrade. Install 4.8-1ubuntu1.1+esm1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu jammy
nano→6.2-1ubuntu0.2apt_upgradeStandard apt upgrade. Install 6.2-1ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano→6.2-1ubuntu0.2apt_upgradeStandard apt upgrade. Install 6.2-1ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano-tiny→6.2-1ubuntu0.2apt_upgradeStandard apt upgrade. Install 6.2-1ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu noble
nano→7.2-2ubuntu0.2apt_upgradeStandard apt upgrade. Install 7.2-2ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano→7.2-2ubuntu0.2apt_upgradeStandard apt upgrade. Install 7.2-2ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano-tiny→7.2-2ubuntu0.2apt_upgradeStandard apt upgrade. Install 7.2-2ubuntu0.2 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu questing
nano→8.4-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.4-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano→8.4-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.4-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano-tiny→8.4-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.4-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny
Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
nano→8.7.1-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.7.1-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano→8.7.1-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.7.1-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano
Most apt upgrades restart their service automatically. needrestart lists anything else.
nano-tiny→8.7.1-1ubuntu0.1apt_upgradeStandard apt upgrade. Install 8.7.1-1ubuntu0.1 from the apt repo.
sudo apt-get update sudo apt-get install --only-upgrade -y nano-tiny
Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8386-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8386-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash
StackPatch runs this match against YOUR installed packages every hour
Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.