CVE-2024-27297

Published: 11/03/2024 Updated: 12/03/2024

Vulnerability Summary

Nix is a package manager for Linux and other Unix systems. On Linux, a fixed-output derivation can send file descriptors for files in the Nix store to another program running on the host (or to another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as "valid" and immutable in the Nix database. In particular, it allows the output of fixed-output derivations to be changed from their expected content. This issue has been addressed in versions 2.3.18, 2.18.2, 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vendor Advisories

Debian Bug report logs - #1066113 guix: CVE-2024-27297
Package: src:guix; Maintainer for src:guix is Vagrant Cascadian <vagrant@debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 12 Mar 2024 20:09:02 UTC
Severity: important
Tags: pending, security, upstream
Found in versions guix/1.4.0-3, ...

Github Repositories

Useful commands

Configure:
nixos-rebuild switch --flake flake_path_directory#hostname
nix flake update --extra-experimental-features "nix-command flakes"

Show changes between revisions:
nix profile diff-closures --profile /nix/var/nix/profiles/system