Guix
Monthly
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.