Blog — Security Advisory
Build User Takeover Vulnerability
21 October 2024
A security issue has been identified in guix-daemon which allows for a local user to gain the privileges of any of the build users and subsequently use…
Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
12 March 2024
A security issue has been identified in guix-daemon which allows for fixed-output derivations, such as source code tarballs or Git checkouts, to be corrupted by an unprivileged…
Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
18 March 2021
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon. It affects multi-user setups in which guix-daemon runs locally. …
Risk of local privilege escalation via setuid programs
9 February 2021
On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to…
Insecure permissions on profile directory (CVE-2019-18192)
17 October 2019
We have become aware of a security issue for Guix on multi-user systems that we have just fixed (CVE-2019-18192). Anyone running Guix on a multi-user system is…