Detections
Analytics
Debian dsa-5669 : guix - security update
medium Nessus Plugin ID 193698
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5669 advisory.-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5669-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : guix CVE ID : CVE-2024-27297
It was discovered that insufficient restriction of unix daemon sockets in the GNU Guix functional package manager could result in sandbox bypass.
For the oldstable distribution (bullseye), this problem has been fixed in version 1.2.0-4+deb11u2.
For the stable distribution (bookworm), this problem has been fixed in version 1.4.0-3+deb12u1.
We recommend that you upgrade your guix packages.
For the detailed security status of guix please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/guix
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYmEj0ACgkQEMKTtsN8 TjadOg//QNwxj1LaUW92byZO1DaMWzwnPElHIwwgTUIWj2NCxZQbumPb6PF0AnYq n15GcHY1y3jvJ9VnvLI7uns82Gtjqhr9m/sfrDnX/9JPlLBNXTdjQ3/mpECUp6aU BvN+kmw4irmsfXqtWR33nrdxID+/mCuDfDHM0Cl64JSbrntqOhpRbkML3DNOdWs0 h6BeIhFRoGkLLzh2M8U9uyivrLwrlf8ONem4kmn0xtRowc2Y/0GSg/fJIJPwR3/K j8FmuydKkm3oVNITr2z2f+b9mzSxXbC7tOgoA6o7Vuxc3Ha7cGn9DojFWKV5DCPv VFMKjeos9ELIetmSA/GtSMqTn5rV2QlRWHvUnxtGTyewHsz4j/cXXo5F59f+t2zB LZ8aAlzbM5c5/ZVhQVNnuzY8ueaPkOAyFkdawPjSTis0S0KYjgz9/4F8peYNEyJ7 GUgS2b9aXp3j1dLPKjXDXHXUNL3quemK3aUZCZElgsGN6oHZnOvf/t04jL9BN0/o gL7wShs2ZsS/AQ7HRQ+OuYTTcs8patbgitCKI74u8oS/ArrG/U4TfgKhwqFaAICX x5cJFreSKzhTQWIhGaxPY73s1zDy5KyLBQjQ67DPbqqYcCC0SwrUFegYrOllORnj TLlkkG7vkelx/PxYqzy+YrWeoHt/jdSTR8j5bn1XEYPa/4MZrIg= =0oSL
-----END PGP SIGNATURE-----
Reply to:
[email protected] Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list)
Prev by Date:
[SECURITY] [DSA 5668-1] chromium security update
Next by Date:
[SECURITY] [DSA 5670-1] thunderbird security update
Previous by thread:
[SECURITY] [DSA 5668-1] chromium security update
Next by thread:
[SECURITY] [DSA 5670-1] thunderbird security update
Index(es):
Date Thread
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade the guix packages.See Also
https://security-tracker.debian.org/tracker/source-package/guix
https://security-tracker.debian.org/tracker/CVE-2024-27297
Plugin Details
Severity: Medium
ID: 193698
File Name: debian_DSA-5669.nasl
Version: 1.6
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 4/23/2024
Updated: 6/30/2025
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.2
Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N
CVSS Score Source: CVE-2024-27297
CVSS v3
Risk Factor: Medium
Base Score: 5.9
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:11.0, cpe:/o:debian:debian_linux:12.0, p-cpe:/a:debian:debian_linux:guix
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/22/2024
Vulnerability Publication Date: 3/11/2024
Reference Information
CVE: CVE-2024-27297