Ubuntu 22.04 LTS / 24.04 LTS : Nix vulnerabilities (USN-7633-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7633-1 advisory. Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary...

USN-7633-1: Nix vulnerabilities

Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-38531 Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS certificates. A remote attacker could possibly use this issue ...

CVE-2025-52993

A race condition in the Nix, Lix, and Guix package managers enables changing the ownership of arbitrary files to the UID and GID of the build user e.g., nixbld or guixbuild. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before...

CVE-2025-52991

The Nix, Lix, and Guix package managers default to using temporary build directories in a world-readable and world-writable location. This allows standard users to deceive the package manager into using directories with pre-existing content, potentially leading to unauthorized actions or data...

CVE-2025-52992

The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and...