{"id":"MGASA-2026-0121","summary":"Updated nano packages fix security vulnerabilities","details":"Local attacker can inject malicious .desktop launcher due to insecure\ndirectory permissions. (CVE-2026-6842)\nFormat string vulnerability leads to denial of service. (CVE-2026-6843)\n","modified":"2026-05-07T05:15:06.477387Z","published":"2026-05-07T05:06:13Z","upstream":["CVE-2026-6842","CVE-2026-6843"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0121.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35466"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLLMINU5CKQDNMS5OT7OKS5V6YQFIJUC/"}],"affected":[{"package":{"name":"nano","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nano?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.2-1.2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0121.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}