بلاگ — Security Advisory
Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
مارس 12، 2024
A security issue has been identified in guix-daemon which allows for fixed-output derivations , such as source code tarballs or Git checkouts, to be corrupted by an unprivileged…
Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
مارس 18، 2021
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon . It affects multi-user setups in which guix-daemon runs locally. …
Risk of local privilege escalation via setuid programs
فوریه 9، 2021
On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to…
Insecure permissions on profile directory (CVE-2019-18192)
اكتبر 17، 2019
We have become aware of a security issue for Guix on multi-user systems that we have just fixed ( CVE-2019-18192 ). Anyone running Guix on a multi-user system is…