mirror of
git://git.savannah.gnu.org/guix.git
synced 2023-12-14 03:33:07 +01:00
news: Recommend upgrade for account activation vulnerability.
* etc/news.scm: Recommend upgrade.
This commit is contained in:
parent
72f911bf05
commit
c9960ad67c
|
@ -31,6 +31,13 @@ escalation has been found in the code that creates user accounts on Guix
|
||||||
System---Guix on other distros is unaffected. The system is only vulnerable
|
System---Guix on other distros is unaffected. The system is only vulnerable
|
||||||
during the activation of user accounts that do not already exist.
|
during the activation of user accounts that do not already exist.
|
||||||
|
|
||||||
|
This bug is fixed and Guix System users are advised to upgrade their system,
|
||||||
|
with a command along the lines of:
|
||||||
|
|
||||||
|
@example
|
||||||
|
guix system reconfigure /run/current-system/configuration.scm
|
||||||
|
@end example
|
||||||
|
|
||||||
The attack can happen when @command{guix system reconfigure} is running.
|
The attack can happen when @command{guix system reconfigure} is running.
|
||||||
Running @command{guix system reconfigure} can trigger the creation of new user
|
Running @command{guix system reconfigure} can trigger the creation of new user
|
||||||
accounts if the configuration specifies new accounts. If a user whose account
|
accounts if the configuration specifies new accounts. If a user whose account
|
||||||
|
|
Loading…
Reference in a new issue