Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-5669-1:73566
HistoryApr 22, 2024 - 7:34 a.m.

[SECURITY] [DSA 5669-1] guix security update

2024-04-2207:34:53
lists.debian.org
3
guix
daemon
update
restriction
unix
socket
debian

6.3 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.7 Medium

AI Score

Confidence

High

4.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

14.5%

JSON

Debian Security Advisory DSA-5669-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 22, 2024 https://www.debian.org/security/faq

Package : guix
CVE ID : CVE-2024-27297

It was discovered that insufficient restriction of unix daemon sockets
in the GNU Guix functional package manager could result in sandbox
bypass.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.2.0-4+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 1.4.0-3+deb12u1.

We recommend that you upgrade your guix packages.

For the detailed security status of guix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/guix

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debianbookwormallguix< 1.4.0-3+deb12u1guix_1.4.0-3+deb12u1_all.deb
Debian11allguix< 1.2.0-4+deb11u2guix_1.2.0-4+deb11u2_all.deb

Related

cvelist 1
debiancve 1
veracode 1
prion 1
nessus 1
osv 2
openvas 1
ubuntucve 1
alpinelinux 1
cve 1
cvelist
cvelist
CVE-2024-27297 Nix Corruption of fixed-output derivations
2024-03-11 21:24:43
debiancve
debiancve
CVE-2024-27297
2024-03-11 22:15:55
veracode
veracode
Improper Check For Unusual Or Exceptional Conditions
2024-03-20 16:46:28
prion
prion
Design/Logic Flaw
2024-03-11 22:15:00
nessus
nessus
Debian dsa-5669 : guix - security update
2024-04-23 00:00:00
osv
osv
CVE-2024-27297
2024-03-11 22:15:55
guix - security update
2024-04-22 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5669-1)
2024-04-22 00:00:00
ubuntucve
ubuntucve
CVE-2024-27297
2024-03-11 00:00:00
alpinelinux
alpinelinux
CVE-2024-27297
2024-03-11 22:15:55
cve
cve
CVE-2024-27297
2024-03-11 22:15:55

6.3 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.7 Medium

AI Score

Confidence

High

4.1 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:S/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

14.5%

JSON
Related for DEBIAN:DSA-5669-1:73566
cvelist1debiancve1veracode1prion1nessus1osv2openvas1ubuntucve1alpinelinux1cve1