diff options
author | Ludovic Courtès <ludo@gnu.org> | 2021-04-03 22:13:28 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2021-04-03 22:13:28 +0200 |
commit | c9960ad67c7644225343e913d5fea620d97bb293 (patch) | |
tree | 3697e709e10b83f69d31be5e0501dca98a80db26 | |
parent | 72f911bf059ec3d984dbc2d22e02165940cb9983 (diff) | |
download | guix-c9960ad67c7644225343e913d5fea620d97bb293.tar.gz |
news: Recommend upgrade for account activation vulnerability.
* etc/news.scm: Recommend upgrade.
-rw-r--r-- | etc/news.scm | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/etc/news.scm b/etc/news.scm index 9b23c7ca0f..adb81dd64b 100644 --- a/etc/news.scm +++ b/etc/news.scm @@ -31,6 +31,13 @@ escalation has been found in the code that creates user accounts on Guix System---Guix on other distros is unaffected. The system is only vulnerable during the activation of user accounts that do not already exist. +This bug is fixed and Guix System users are advised to upgrade their system, +with a command along the lines of: + +@example +guix system reconfigure /run/current-system/configuration.scm +@end example + The attack can happen when @command{guix system reconfigure} is running. Running @command{guix system reconfigure} can trigger the creation of new user accounts if the configuration specifies new accounts. If a user whose account |