Synopsis
The remote openSUSE host is missing one or more security updates.
Description
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21166-1 advisory.
Changes in nano:
- Update to version 9.1:
* When searching, the viewport is placed snug left where possible.
* The ability to read and write files in old Mac format (a lone carriage return as line ending) was removed.
* The ^T toggle between WhereIs and GotoLine was dropped.
* Fix backups that were missing or had a wrong timestamp when
--backup is active.
* On a crash or kill, a .save file is no longer chmodded or chowned to the base file's permissions and owner.
* The history code now creates the ~/.local directory with limited access rights (boo#1263437; the referenced CVE-2026-40556 was rejected upstream).
* M-Ins and M-Del have become rebindable.
- GNU nano 9.0:
* When the cursor almost goes offscreen to the right, all lines are now scrolled sideways together, by just the amount needed to keep the cursor in view.
Use --solosidescroll or 'set solosidescroll' to get back the old, jerky, single-line horizontal scrolling.
* The viewport can be scrolled sideways (in steps of one tabsize) with M-< and M->. See `man nanorc` if M-< and M-> should switch between buffers (as they did earlier).
* M-Left, M-Right, M-Up, and M-Down have become rebindable.
* Stopping the recording of a macro immediately after starting it cancels the recording and leaves an existing macro in place.
* Feature toggles no longer break a chain of ^K cuts or M-6 copies, except the M-K cut-from-cursor toggle.
* With --mouse and --indicator, one can click in the scrollbar area to roughly navigate within the buffer.
* CVE-2026-6843: format string vulnerability leads to denial of service (boo#1262643)
* create the ~/.local directory with limited access rights (CVE-2026-6842 boo#1263022, CVE-2026-40556 boo#1263437)
- GNU nano 8.7.1:
* fix build against glibc-2.43 (boo#1258260)
- GNU nano 8.7:
* At the Execute prompt, preceding the command with two pipe symbols allows implementing a copy-to-clipboard feature in nanorc on terminals that support OSC 52. See doc/sample.nanorc
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected nano and / or nano-lang packages.
Plugin Details
File Name: openSUSE-2026-21166-1.nasl
Agent: unix
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:H/Au:S/C:N/I:P/A:N
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:nano-lang, p-cpe:/a:novell:opensuse:nano
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 6/29/2026
Vulnerability Publication Date: 4/22/2026