Language | Title | Body | |
---|---|---|---|
New | en | Daemon vulnerability allowing takeover of build users fixed | A vulnerability allowing a local user to execute arbitrary code as any of the build users has been identified and fixed. Most notably, this allows any local user to alter the result of any local build, even if it happens inside a container. The only requirements to exploit this vulnerability are the ability to start a derivation build and the ability to run arbitrary code with access to the store in the root PID namespace on the machine that build occurs on. This largely limits the vulnerability to multi-user systems. This vulnerability is caused by the fact that You are advised to upgrade See https://issues.guix.gnu.org/73919 for more information on this vulnerability. |
No new packages
No removed packages
Name | Versions |
---|---|
guix |
|
No lint warning changes