[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
branch master updated: news: Recommend upgrade for account activation vu
|
From: |
guix-commits |
|
Subject: |
branch master updated: news: Recommend upgrade for account activation vulnerability. |
|
Date: |
Sat, 03 Apr 2021 16:14:06 -0400 |
This is an automated email from the git hooks/post-receive script.
civodul pushed a commit to branch master
in repository guix.
The following commit(s) were added to refs/heads/master by this push:
new c9960ad news: Recommend upgrade for account activation vulnerability.
c9960ad is described below
commit c9960ad67c7644225343e913d5fea620d97bb293
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Apr 3 22:13:28 2021 +0200
news: Recommend upgrade for account activation vulnerability.
* etc/news.scm: Recommend upgrade.
---
etc/news.scm | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/etc/news.scm b/etc/news.scm
index 9b23c7c..adb81dd 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -31,6 +31,13 @@ escalation has been found in the code that creates user
accounts on Guix
System---Guix on other distros is unaffected. The system is only vulnerable
during the activation of user accounts that do not already exist.
+This bug is fixed and Guix System users are advised to upgrade their system,
+with a command along the lines of:
+
+@example
+guix system reconfigure /run/current-system/configuration.scm
+@end example
+
The attack can happen when @command{guix system reconfigure} is running.
Running @command{guix system reconfigure} can trigger the creation of new user
accounts if the configuration specifies new accounts. If a user whose account
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- branch master updated: news: Recommend upgrade for account activation vulnerability.,
guix-commits <=