Gnu Guix vulnerabilities

CVE-2025-59378 [MEDIUM] CWE-669 CVE-2025-59378: In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).

CVE-2021-27851 [MEDIUM] CWE-264 CVE-2021-27851: A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’ A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardli

CVE-2019-18192 [HIGH] CVE-2019-18192: GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent d GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.