diff options
| author | John Kehayias <john@guixotic.coop> | 2026-02-20 01:16:13 -0500 |
|---|---|---|
| committer | John Kehayias <john@guixotic.coop> | 2026-02-20 01:16:13 -0500 |
| commit | 4d1291eaaabc6ff440fa1e76e0c9160fd8a3c21a (patch) | |
| tree | 0d77281cec98d55e5f4b3e699428842d84175cf2 | |
| parent | d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b (diff) | |
news: Announce potential security issue in glibc package.
* etc/news.scm: Add entry.
Change-Id: Iea4883d83cae7dee937d46d534cfa8dad17b1028
| -rw-r--r-- | etc/news.scm | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/etc/news.scm b/etc/news.scm index b7f9c059cd1..008751d2961 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -42,6 +42,16 @@ (channel-news (version 0) + (entry (commit "d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b") + (title + (en "Potential security vulnerability in glibc")) + (body + (en "Guix adds the environment variable @code{GUIX_LOCPATH} to glibc, +however it was not added to potentially unsafe variables to be unset in +privileged environments. A CVE number is pending for this issue. This has +been fixed with a graft to glibc and users should update all profiles, +reconfigure their system, and reboot."))) + (entry (commit "6d4cb99a15da7f4fd55f956c55f4f4aacfcc7742") (title (en "@code{%desktop-services} now includes GDM on AArch64") |