A vulnerability has been found in the GNU Guix, Nix and Lix package managers that allows code execution with the privileges of the users under which build jobs are run (for example the nixbld* users in Nix/Lix), which can be used to write arbitrary data into the build environment and alter the build process. The problems are present in guix-daemon and in the nix-daemon backend used to give unprivileged users access to build operations.
The vulnerability stems from the fact that, during some operations, absolute file paths were used instead of dirfd descriptors to access temporary directories, which allowed a build directory located under /tmp (for example "/tmp/guix-build-PACKAGE-XYdrv-0") to be substituted. Incorrect use of dirfd in the recursive deletion operation led to a race condition, through which an attacker could swap in a symbolic link in the window between the creation of the build directory and the change of its owner. In a successful attack, guix-daemon/nix-daemon changed the owner of the file referenced by the symbolic link instead of changing the owner of the build directory for the build process.
The vulnerability has been fixed in Lix 2.93, Nix 2.29 and Guix 1.4.0-38.0e79d5b. To exploit it, an attacker must be able to run arbitrary build jobs. An attack through CVE-2025-46415 requires the ability to create files in the /tmp directory on the build machine, while for CVE-2025-46416 the attacker must be able to run code in the initial pid and network namespaces.
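The mechanism described above comes down to resolving a path from scratch between the check and the operation that relies on it. The C program below is an added example, not code from Guix, Nix or Lix: it changes ownership of a build tree the way a daemon should, keeping every step relative to an open directory descriptor (fstatat, openat, fchownat with AT_SYMLINK_NOFOLLOW, fdopendir) and refusing to follow symbolic links, so a link swapped into the tree mid-walk cannot redirect the ownership change to a file outside it. The function names chown_tree_at and demo_walk_summary, the demo tree under /tmp and the symlink target /etc/hostname are constructed for this example; it runs as the current user and sets ownership to that user's own uid, which needs no privilege, so it exercises the traversal logic rather than a real root-owned daemon.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Counters so a caller can see what the walk actually touched. */
struct walk_stats { int files; int dirs; int symlinks; };

/* Change ownership of the entry `name` inside the already-open directory
 * `parent_fd`, recursing into subdirectories. Nothing here re-resolves an
 * absolute path: every syscall is relative to a descriptor the daemon holds,
 * and symlinks are re-owned as links (AT_SYMLINK_NOFOLLOW), never followed. */
static int chown_tree_at(int parent_fd, const char *name, uid_t uid, gid_t gid,
                         struct walk_stats *st)
{
    struct stat sb;
    if (fstatat(parent_fd, name, &sb, AT_SYMLINK_NOFOLLOW) != 0)
        return -1;

    if (!S_ISDIR(sb.st_mode)) {
        /* Regular file, symlink, fifo, ...: lchown semantics, target untouched. */
        if (fchownat(parent_fd, name, uid, gid, AT_SYMLINK_NOFOLLOW) != 0)
            return -1;
        if (S_ISLNK(sb.st_mode)) st->symlinks++; else st->files++;
        return 0;
    }

    /* O_NOFOLLOW: if the directory entry was swapped for a symlink between
     * the fstatat above and this open, the open fails instead of following. */
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* The object we opened must be the inode we checked, or we stop. */
    struct stat opened;
    if (fstat(fd, &opened) != 0 || opened.st_dev != sb.st_dev || opened.st_ino != sb.st_ino) {
        close(fd);
        return -1;
    }

    DIR *dir = fdopendir(fd);   /* takes ownership of fd; closedir releases it */
    if (!dir) {
        close(fd);
        return -1;
    }
    int rc = 0;
    struct dirent *de;
    while (rc == 0 && (de = readdir(dir)) != NULL) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0)
            continue;
        rc = chown_tree_at(fd, de->d_name, uid, gid, st);   /* relative to fd */
    }
    if (rc == 0 && fchown(fd, uid, gid) != 0)   /* the directory itself, via its fd */
        rc = -1;
    if (rc == 0) st->dirs++;
    closedir(dir);
    return rc;
}

/* Constructed demo tree: <tmp>/sub/out.txt plus <tmp>/sub/escape, a symlink
 * pointing outside the tree (a path-based "chown -R" would follow it).
 * Runs as the current user; returns files*100 + dirs*10 + symlinks, or -1.
 * A real daemon would hold a descriptor to the parent of the build directory
 * instead of starting from the absolute path used here for the root entry. */
int demo_walk_summary(void)
{
    char tmpl[] = "/tmp/safe-chown-demo-XXXXXX";
    char *root = mkdtemp(tmpl);
    if (!root)
        return -1;
    int rfd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (rfd < 0) {
        rmdir(root);
        return -1;
    }
    struct walk_stats st = { 0, 0, 0 };
    int rc = -1;
    if (mkdirat(rfd, "sub", 0700) == 0) {
        int f = openat(rfd, "sub/out.txt", O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (f >= 0) {
            close(f);
            if (symlinkat("/etc/hostname", rfd, "sub/escape") == 0)
                rc = chown_tree_at(AT_FDCWD, root, getuid(), (gid_t)-1, &st);
        }
    }
    /* Clean up the demo tree regardless of outcome. */
    unlinkat(rfd, "sub/escape", 0);
    unlinkat(rfd, "sub/out.txt", 0);
    unlinkat(rfd, "sub", AT_REMOVEDIR);
    close(rfd);
    rmdir(root);
    return rc == 0 ? st.files * 100 + st.dirs * 10 + st.symlinks : -1;
}

int main(void)
{
    int summary = demo_walk_summary();
    printf("walk summary: %d (files*100 + dirs*10 + symlinks)\n", summary);
    return summary == 121 ? 0 : 1;
}
```

The expected summary is 121: one regular file, two directories (the temporary root and sub), and one symlink that was re-owned as a link without its target being touched. The fstat comparison of device and inode after openat is the extra check the daemons lacked in spirit: it ties the handle actually used for the recursion to the object that was inspected, rather than to whatever a path resolves to a moment later.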
source: budenet.ru
