news: Add erratum for '--keep-failed' vulnerability.
* etc/news.scm: Add entry.master
parent
9ade2b720a
commit
f62633a527
16
etc/news.scm
16
etc/news.scm
|
@ -20,6 +20,22 @@
|
|||
(channel-news
|
||||
(version 0)
|
||||
|
||||
(entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
|
||||
(title
|
||||
(en "Update on previous @command{guix-daemon} local privilege escalation"))
|
||||
(body
|
||||
(en "The previous news item described a potential local privilege
|
||||
escalation in @command{guix-daemon}, and claimed that systems with the Linux
|
||||
@uref{https://www.kernel.org/doc/Documentation/sysctl/fs.txt,
|
||||
``protected hardlink''} feature enabled were unaffected by the vulnerability.
|
||||
|
||||
This is not entirely correct. Exploiting the bug on such systems is harder,
|
||||
but not impossible. To avoid unpleasant surprises, all users are advised to
|
||||
upgrade @command{guix-daemon}. Run @command{info \"(guix) Upgrading Guix\"}
|
||||
for info on how to do that. See
|
||||
@uref{http://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/}
|
||||
for more information on this bug.")))
|
||||
|
||||
(entry (commit "ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf")
|
||||
(title
|
||||
(en "Risk of local privilege escalation @i{via} @command{guix-daemon}")
|
||||
|
|
Reference in New Issue