E-Ink News Daily

Back to list

‘guix substitute‘ and ‘guix pull‘ vulnerabilities

Critical security vulnerabilities have been identified in GNU Guix's 'guix substitute' and 'guix pull' utilities, allowing for remote privilege escalation, store corruption, and arbitrary file overwrites. These issues affect all systems regardless of whether the daemon runs with root privileges, posing significant risks including man-in-the-middle attacks and denial-of-service.

Background

GNU Guix is a functional package manager for the GNU operating system that emphasizes reproducibility and free software principles. It relies on a daemon to manage builds and substitutes, making its security critical for system integrity.

Source
Lobsters
Published
Jul 3, 2026 at 02:45 PM
Score
9.0 / 10