guix-commits

02/02: news: Add entry for the daemon fixed-output derivation vulnerabil


From: guix-commits
Subject: 02/02: news: Add entry for the daemon fixed-output derivation vulnerability.
Date: Mon, 11 Mar 2024 18:15:09 -0400 (EDT)

civodul pushed a commit to branch master
in repository guix.

commit 4003c60abf7a6e59e47cc2deb9eef2f104ebb994
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Mar 11 23:13:40 2024 +0100

    news: Add entry for the daemon fixed-output derivation vulnerability.
    
    * etc/news.scm: Add entry.
    
    Change-Id: Ib3f9c22eda1e8b9075620ec01b4edf2f24cfcf93
---
 etc/news.scm | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/etc/news.scm b/etc/news.scm
index 3e8c88499f..b54eb47221 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -1,6 +1,6 @@
 ;; GNU Guix news, for use by 'guix pull'.
 ;;
-;; Copyright © 2019-2023 Ludovic Courtès <ludo@gnu.org>
+;; Copyright © 2019-2024 Ludovic Courtès <ludo@gnu.org>
 ;; Copyright © 2019–2021 Tobias Geerinckx-Rice <me@tobias.gr>
 ;; Copyright © 2019, 2020 Miguel Ángel Arruga Vivas <rosen644835@gmail.com>
 ;; Copyright © 2019, 2020 Konrad Hinsen <konrad.hinsen@fastmail.net>
@@ -28,6 +28,44 @@
 (channel-news
  (version 0)
 
+ (entry (commit "8f4ffb3fae133bb21d7991e97c2f19a7108b1143")
+        (title
+         (en "Daemon vulnerability allowing store corruption has been fixed")
+         (fr "Une faille du démon permettant de corrompre le dépôt a été 
corrigée"))
+        (body
+         (en "A vulnerability in the build daemon, @command{guix-daemon}, was
+identified and fixed.  The vulnerability would allow unprivileged users to
+corrupt the result of @dfn{fixed-output derivations} such as source code
+tarballs and Git checkouts, which in turn could lead to local privilege
+escalation.
+
+This bug is fixed and Guix System users are advised to upgrade their system,
+with a command along the lines of:
+
+@example
+sudo guix system reconfigure /run/current-system/configuration.scm
+sudo herd restart guix-daemon
+@end example
+
+See @uref{https://issues.guix.gnu.org/69728} for more information on this
+issue.")
+         (fr "Une faille de sécurité du démon de compilation,
+@command{guix-daemon}, a été identifiée et corrigée.  La faille permettait à
+un·e utilisateur·rice sans privilège de corrompre le résultat d'une
+@dfn{dérivation à sortie fixe} telle qu'une archive ou un @i{checkout} Git, ce
+qui peut ensuite permettre une élévation locale de privilèges.
+
+Ce problème est corrigé et les utilisateur·rices de Guix System sont invité·es
+à mettre à jour leur système avec une commande telle que :
+
+@example
+sudo guix system reconfigure /run/current-system/configuration.scm
+sudo herd restart guix-daemon
+@end example
+
+Voir @uref{https://issues.guix.gnu.org/69728} pour plus d'informations sur
+cette anomalie.")))
+
  (entry (commit "10a193596368443f441077525ebbddf787d91e4b")
         (title
           (en "Linux-libre 4.14 removed due to end of upstream support")
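
Review bot: The upgrade instructions in both the en and fr bodies address only Guix System users ("Guix System users are advised to upgrade their system"), so anyone running guix-daemon on another distribution is told about the vulnerability but not how to get the fixed daemon. Consider adding a sentence to each body covering that case, since the daemon there is not upgraded by `guix system reconfigure`. Separately, the fr title is split across two lines in this mail; if that break exists in etc/news.scm itself rather than being mail wrapping, it embeds a newline in the title string and should be joined.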


