Blog — Security Advisory
Build User Takeover Vulnerability (CVE-2024-52867)
October 21, 2024
A security issue, known as CVE-2024-52867 , has been identified in guix-daemon which allows for a local user to gain the privileges of…
Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
March 12, 2024
A security issue has been identified in guix-daemon which allows for fixed-output derivations , such as source code tarballs or Git checkouts, to be corrupted by an unprivileged…
Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
March 18, 2021
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon . It affects multi-user setups in which guix-daemon runs locally. …
Risk of local privilege escalation via setuid programs
February 9, 2021
On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to…
Insecure permissions on profile directory (CVE-2019-18192)
October 17, 2019
We have become aware of a security issue for Guix on multi-user systems that we have just fixed ( CVE-2019-18192 ). Anyone running Guix on a multi-user system is…