DigiNews

Tech Watch by Johan Denoyer

← Back to articles

‘guix substitute‘ and ‘guix pull‘ Vulnerabilities

Quality: 9/10 Relevance: 9/10

Summary

GNU Guix reports multiple vulnerabilities in guix substitute and guix pull/time-machine with CVEs pending. The advisories describe remote and local exploitation risks, upgrade and mitigation steps (including --no-substitutes), and a test script to check vulnerable status, along with a timeline of discovery and fixes.

🚀 Service construit par Johan Denoyer