ブログ — Security Advisory
Build User Takeover Vulnerability (CVE-2024-52867)
2024年10月21日
A security issue, known as CVE-2024-52867 , has been identified in guix-daemon which allows for a local user to gain the privileges of…
Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
2024年03月12日
A security issue has been identified in guix-daemon which allows for fixed-output derivations , such as source code tarballs or Git checkouts, to be corrupted by an unprivileged…
Risk of local privilege escalation via guix-daemon (CVE-2021-27851)
2021年03月18日
A security vulnerability that can lead to local privilege escalation has been found in guix-daemon . It affects multi-user setups in which guix-daemon runs locally. …
Risk of local privilege escalation via setuid programs
2021年02月09日
On Guix System, setuid programs were, until now, installed as setuid-root and setgid-root (in the /run/setuid-programs directory). However, most of these programs are meant to…
Insecure permissions on profile directory (CVE-2019-18192)
2019年10月17日
We have become aware of a security issue for Guix on multi-user systems that we have just fixed ( CVE-2019-18192 ). Anyone running Guix on a multi-user system is…