me
/
guix
Archived
1
0
Fork 0
Code

news: Recommend upgrade for account activation vulnerability. 

* etc/news.scm: Recommend upgrade.
master
Ludovic Courtès 2021-04-03 22:13:28 +02:00
parent 72f911bf05
commit c9960ad67c
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
etc/news.scm
View File

@ -31,6 +31,13 @@ escalation has been found in the code that creates user accounts on Guix
System---Guix on other distros is unaffected. The system is only vulnerable System---Guix on other distros is unaffected. The system is only vulnerable
during the activation of user accounts that do not already exist. during the activation of user accounts that do not already exist.
This bug is fixed and Guix System users are advised to upgrade their system,
with a command along the lines of:
@example
guix system reconfigure /run/current-system/configuration.scm
@end example
The attack can happen when @command{guix system reconfigure} is running. The attack can happen when @command{guix system reconfigure} is running.
Running @command{guix system reconfigure} can trigger the creation of new user Running @command{guix system reconfigure} can trigger the creation of new user
accounts if the configuration specifies new accounts. If a user whose account accounts if the configuration specifies new accounts. If a user whose account