news: Recommend upgrade for account activation vulnerability.

* etc/news.scm: Recommend upgrade.
2021-04-03 22:13:28 +02:00 · 2021-04-03 22:13:28 +02:00 · c9960ad67c
commit c9960ad67c
parent 72f911bf05
1 changed files with 7 additions and 0 deletions
--- a/etc/news.scm
+++ b/etc/news.scm
@ -31,6 +31,13 @@ escalation has been found in the code that creates user accounts on Guix
 System---Guix on other distros is unaffected.  The system is only vulnerable
 during the activation of user accounts that do not already exist.

+This bug is fixed and Guix System users are advised to upgrade their system,
+with a command along the lines of:
+
+@example
+guix system reconfigure /run/current-system/configuration.scm
+@end example
+
 The attack can happen when @command{guix system reconfigure} is running.
 Running @command{guix system reconfigure} can trigger the creation of new user
 accounts if the configuration specifies new accounts.  If a user whose account