Nix Security Update Advisory (CVE-2024-45593)
Overview
An update has been released to address a vulnerability in Nix. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-45593
- Nix versions: 2.24.0 (inclusive) to 2.24.5 (inclusive)
Resolved Vulnerabilities
A vulnerability that could allow a malicious user to manipulate NAR files so that Nix writes to arbitrary file system locations (CVE-2024-45593)
Vulnerability Patches
The following product-specific patches have been made available in the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the latest patched version.
CVE-2024-45593
- Nix version: 2.24.6
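One way to check hosts against the version range above, as an added example that is not part of the original advisory or of the Nix project. The `nix (Nix) X.Y.Z` output format, the function names and the inventory lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the advisory. Range taken from the advisory text:
# 2.24.0 through 2.24.5 affected, 2.24.6 carries the fix.

# Constructed sample inventory: "<host> <output of nix --version>" per line.
SAMPLE_INVENTORY='build-01 nix (Nix) 2.24.5
build-02 nix (Nix) 2.24.6
dev-03 nix (Nix) 2.18.1
ci-04 nix (Nix) 2.24.0'

# Prints "affected", "not-affected" (outside the advisory's listed range) or
# "unknown" (no X.Y.Z version found). Accepts "2.24.5" or "nix (Nix) 2.24.5";
# the latter output format is an assumption. Any suffix after X.Y.Z is ignored.
nix_cve_2024_45593_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p' |
        head -n 1)
    if [ -z "$ver" ]; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -eq 24 ] && [ "$patch" -le 5 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Reads inventory lines on stdin and prints the hosts that need the update.
list_affected_hosts() {
    while read -r host verstr; do
        [ -n "$host" ] || continue
        if [ "$(nix_cve_2024_45593_status "$verstr")" = affected ]; then
            printf '%s\n' "$host"
        fi
    done
}

printf '%s\n' "$SAMPLE_INVENTORY" | list_affected_hosts
```

On a single host, pass the live value: `nix_cve_2024_45593_status "$(nix --version)"`.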
References
[1] CVE-2024-45593 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-45593
[2] Unsafe NAR unpacking
https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493