Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary code. (CVE-2024-38531) Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS certificates. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2024-47174) It was discovered that Nix did not correctly handle Unix sockets. An attacker could possibly use this issue execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-27297) It was discovered that Nix did not correctly handle unpacking Nix archives (NARS). If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-45593)
Continue reading...
Continue reading...
