A cikin mai sarrafa kunshin gano (CVE-2019-18192), wanda ke ba da damar yin amfani da lambar a cikin mahallin wani mai amfani. Matsalar tana faruwa a cikin saitunan masu amfani da yawa na Guix kuma ana haifar da shi ta hanyar kuskuren saita haƙƙin shiga ga tsarin tsarin tare da bayanan bayanan mai amfani.
Ta hanyar tsoho, ~/.guix-profile profile profile an ayyana su azaman hanyoyin haɗin kai zuwa /var/guix/profiles/per-user/$USER directory. Matsalar ita ce izini akan /var/guix/profiles/per-user/ directory yana ba kowane mai amfani damar ƙirƙirar sabbin kundin adireshi. Mai hari zai iya ƙirƙirar kundin adireshi don wani mai amfani wanda bai shiga ba tukuna kuma ya shirya lambar sa ta gudana (/ var/guix/profiles/per-user/$USER is available in the PATH m), kuma maharin na iya sanya fayilolin da za a iya aiwatarwa. a cikin wannan jagorar da za a kashe yayin da wanda aka azabtar ke gudana maimakon fayilolin aiwatar da tsarin).
source: budenet.ru