
12 matches found

OPENSUSE Linux
added 2026/05/07 12:0 a.m., 3 views

nix-2.34.7-1.1 on GA media (moderate)

nix-2.34.7-1.1 on GA media Announcement ID: openSUSE-SU-2026:10696-1 Rating: moderate Cross-References: CVE-2026-44028 CVSS scores: CVE-2026-44028 SUSE : 7.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

7.5 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0

NVD
added 2026/05/05 1:16 a.m., 2 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

5.3 CVSS, 0.00317 EPSS
Exploits: 0, References: 3

OSV
added 2026/05/05 1:16 a.m., 0 views

DEBIAN-CVE-2026-44028

An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR Nix Archive parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite...

7.5 CVSS, 6.4 AI score, 0.00006 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/05 12:51 a.m., 8 views

CVE-2026-44029

CVE-2026-44029 affects Nix prior to 2.34.7. The issue allows writing to arbitrary files via directory traversal in commands like nix-prefetch-url --unpack and nix store prefetch-file --unpack. Fixed in 2.34.7 (and older branches 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, 2.28.7; introduced in 2.24.7...

5.3 CVSS, 5.9 AI score, 0.00317 EPSS
Exploits: 0, References: 3

Cvelist
added 2026/05/05 12:51 a.m., 29 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

5.3 CVSS, 0.00317 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/05 12:51 a.m., 0 views

CVE-2026-44029

An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 introduced in 2.24.7;...

5.3 CVSS, 5.9 AI score, 0.00317 EPSS
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/05/05 12:0 a.m., 3 views

Nix and Lix security vulnerability

Lix is a package manager developed by Lix OpenSource. Nix is also a package manager developed by Nix OpenSource. Versions of Nix prior to 2.34.7 and Lix prior to 2.95.2 contained security vulnerabilities. These vulnerabilities stemmed from unbounded recursion in the NAR parser, which could lead t...

7.5 CVSS, 6.3 AI score, 0.00006 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/05/05 12:0 a.m., 1 views

PT-2026-37370

These are all security issues fixed in the nix-2.34.7-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/05 12:0 a.m., 3 views

Nix security vulnerability

Nix is a package manager developed by Nix itself. Versions of Nix prior to 2.34.7 contained a security vulnerability. This vulnerability stemmed from directory traversal attacks using the nix-prefetch-url --unpack or nix store prefetch-file --unpack commands, allowing access to and writing...

5.3 CVSS, 5.9 AI score, 0.00317 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/05 12:0 a.m., 1 views

OPENSUSE-SU-2026:10696-1 nix-2.34.7-1.1 on GA media

These are all security issues fixed in the nix-2.34.7-1.1 package on the GA media of openSUSE Tumbleweed...

7.5 CVSS, 5.8 AI score, 0.00006 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2023/07/04 12:0 a.m., 35 views

EulerOS 2.0 SP11 : git (EulerOS-SA-2023-2265)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33....

7.5 CVSS, 7.2 AI score, 0.01625 EPSS
Exploits: 3, References: 3

AlpineLinux
added 2023/02/14 7:48 p.m., 37 views

CVE-2023-23946

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...

7.5 CVSS, 7 AI score, 0.01625 EPSS
Exploits: 3