futurile/guix-play
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

news: Add erratum for '--keep-failed' vulnerability.

Browse Source 
* etc/news.scm: Add entry.
This commit is contained in:
Tobias Geerinckx-Rice 2021-03-18 21:51:45 +01:00
parent 9ade2b720a
commit f62633a527
No known key found for this signature in database
GPG Key ID: 0DB0FF884F556D79
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
etc/news.scm
View File

@ -20,6 +20,22 @@
(channel-news (channel-news
(version 0) (version 0)
(entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
(title
(en "Update on previous @command{guix-daemon} local privilege escalation"))
(body
(en "The previous news item described a potential local privilege
escalation in @command{guix-daemon}, and claimed that systems with the Linux
@uref{https://www.kernel.org/doc/Documentation/sysctl/fs.txt,
``protected hardlink''} feature enabled were unaffected by the vulnerability.
This is not entirely correct. Exploiting the bug on such systems is harder,
but not impossible. To avoid unpleasant surprises, all users are advised to
upgrade @command{guix-daemon}. Run @command{info \"(guix) Upgrading Guix\"}
for info on how to do that. See
@uref{http://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/}
for more information on this bug.")))
(entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf") (entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
(title (title
(en "Risk of local privilege escalation @i{via} @command{guix-daemon}") (en "Risk of local privilege escalation @i{via} @command{guix-daemon}")