Week 11, 2024

2024-03-11 to 2024-03-17

News

Daemon vulnerability allowing store corruption has been fixed

A vulnerability in the build daemon, guix-daemon, was identified and fixed. The vulnerability would allow unprivileged users to corrupt the result of fixed-output derivations such as source code tarballs and Git checkouts, which in turn could lead to local privilege escalation.

This bug is fixed and Guix System users are advised to upgrade their system, with a command along the lines of:

sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon

If you are using Guix on another distro, run info "(guix) Upgrading Guix" or visit https://guix.gnu.org/manual/devel/en/html_node/Upgrading-Guix.html to learn how to upgrade Guix.

See https://issues.guix.gnu.org/69728 for more information on this issue.

Package changes

New packages

emacs-plan9-theme, go-github-com-alexliesenfeld-health, go-github-com-blang-semver-v4, go-github-com-jbenet-go-cienv, go-github-com-jbenet-go-random, go-github-com-jbenet-go-temp-err-catcher, go-github-com-jbenet-goprocess, go-github-com-josharian-intern, go-github-com-klauspost-pgzip, go-github-com-whyrusleeping-go-sysinfo, halibut, kalamine, morpheus, portmidi, python-zconfig, python-zodb, python-zodbpickle, raspi-gpio, rust-bindgen-cli, sgt-puzzles, xfwm4-themes

Removed packages

None

Version changes

asymptote, bffe, bpftool, cagebreak, cl-croatoan, cl-nodgui, cni-plugins, cpupower, diffoscope, ec, ecl-croatoan, ecl-nodgui, emacs-ac-php, emacs-apheleia, emacs-arei, emacs-buttercup, emacs-cape, emacs-circe, emacs-clj-refactor, emacs-clojure-mode, emacs-consult, emacs-crux, emacs-ebib, emacs-ebuild-mode, emacs-eldev, emacs-emms, emacs-eshell-up, emacs-fountain-mode, emacs-git-link, emacs-gptel, emacs-hyperbole, emacs-jinx, emacs-json-mode, emacs-key-chord, emacs-mastodon, emacs-mini-echo, emacs-modus-themes, emacs-org, emacs-org-caldav, emacs-org-pandoc-import, emacs-ox-tufte, emacs-pg, emacs-prescient, emacs-robe, emacs-sway, emacs-tablist, emacs-tracking, emacs-visual-fill-column, emacs-yeetube, fcgiwrap, fet, font-google-noto, font-google-noto-emoji, font-google-noto-serif-cjk, freefall, freeipmi, garcon, giac, gimagereader, go-github-com-beorn7-perks-quantile, go-github-com-blang-semver, go-github-com-ulikunitz-xz, grimshot, guile-ares-rs, guile-scheme-json-rpc, guix, guix-build-coordinator, guix-build-coordinator-agent-only, guix-data-service, hydrogen, img2pdf, keepassxc, lagrange, libextractor, libraqm, lilypond, linux-libre, linux-libre-arm-generic, linux-libre-arm-omap2plus, linux-libre-arm64-generic, linux-libre-bpf, linux-libre-documentation, linux-libre-headers, linux-libre-mips64el-fuloong2e, linux-libre-riscv64-generic, ltris, manaplus, manuskript, mgba, musescore, naev, nyxt, open-adventure, openjdk, opentaxsolver, perf, python-configargparse, python-poppler-qt5, python-pyportmidi, pyzo, r-accsda, r-admisc, r-asics, r-biostrings, r-clusterprofiler, r-cobs, r-colorramps, r-coregx, r-deseq2, r-fda, r-flextable, r-genomeinfodb, r-genomicfeatures, r-ggraph, r-globals, r-gmodels, r-graphlayouts, r-gsva, r-logger, r-multcompview, r-nodbi, r-paws-common, r-qs, r-rgl, r-rmarkdown, r-rnifti, r-rstan, r-stringdb, r-survey, r-systemfonts, r-zcompositions, r-zlibbioc, rosegarden, rpi-imager, ruby-stackprof, rust-cbindgen, sbcl-croatoan, sbcl-nodgui, scummvm, slib, smartdns, ssh-to-age, swig, texmacs, thunar, tinmop, tmon, tumbler, turbostat, usbip-utils, vcmi, wego, wine, wine-minimal, wine-staging, wine-staging-patchset-data, wine64, wine64-staging, wlgreet, wob, x86-energy-perf-policy, xfce4-appfinder, xfce4-dev-tools, xfce4-panel, xfce4-power-manager, xfce4-settings, xfce4-terminal, xfconf, xournalpp, zig-zls

View comparison data