nix-2.29.1-1.1 on GA media (moderate)
Announcement ID: openSUSE-SU-2025:15248-1
Rating: moderate
Cross-References: CVE-2025-46415, CVE-2025-52991, CVE-2025-52992, CVE-2025-52993
Affected Products: openSUSE Tumbleweed
An update that solves 4 vulnerabilities can now be installed.
Description: These are all...
OPENSUSE-SU-2025:15248-1 nix-2.29.1-1.1 on GA media
These are all security issues fixed in the nix-2.29.1-1.1 package on the GA media of openSUSE Tumbleweed...
A vulnerability in the unlinkat() function in the Nix, Lix, and Guix package managers allows attackers to escalate their privileges.
A vulnerability in the unlinkat function in Nix, Lix, and Guix is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the Nix, Lix, and Guix package managers stems from a lack of access control mechanisms and allows attackers to gain read and write access to data.
A vulnerability in the Nix, Lix, and Guix package managers is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain read and write access to data...
A vulnerability in the Nix, Lix, and Guix package managers stems from the improper assignment of permissions to critical resources and allows attackers to gain read and write access to data.
A vulnerability in the Nix, Lix, and Guix package managers is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker to read and modify data...
A vulnerability in the guix-daemon of the Nix, Lix, and Guix package managers allows an attacker to escalate their privileges.
A vulnerability in the guix-daemon of the Nix, Lix, and Guix package managers is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
CVE-2025-52993
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld or guixbuild). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...
CVE-2025-52991
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...
CVE-2025-52992
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...
CVE-2025-46415
A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b...
CVE-2025-46416
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before...
DEBIAN-CVE-2025-52993
A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user (e.g., nixbld or guixbuild). This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...
DEBIAN-CVE-2025-52991
The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...