Zowopsa zapezeka mwa oyang'anira phukusi la GNU Guix, Nix, ndi Lix (Nix, Guix, Lix) zomwe zimalola kuti code ichitidwe ndi mwayi wa ogwiritsa ntchito pomwe ntchito zomanga zimakhazikitsidwa (monga nixbld* mu Nix/Lix), zomwe zitha kugwiritsidwa ntchito polemba zidziwitso zakumalo omanga ndikupanga kusintha pamapangidwe. Mavutowa amapezeka mumayendedwe a guix-daemon ndi nix-daemon omwe amagwiritsidwa ntchito kupatsa ogwiritsa ntchito opanda mwayi mwayi womanga ntchito.
Zowonongeka zimayamba chifukwa chakuti pamachitidwe ena, njira zonse zamafayilo zidagwiritsidwa ntchito m'malo mwa ofotokozera dirfd kuti apeze zolemba zosakhalitsa, zomwe zimalola kuti bukhu lomanga lomwe lili mu /tmp hierarchy (mwachitsanzo, "/tmp/guix-build-PACKAGE-XYdrv-0") kuti alowe m'malo. Kugwiritsa ntchito molakwika dirfd muzofufuta mobwerezabwereza kudapangitsa kuti pakhale mpikisano, chifukwa chomwe wowukira atha kulowetsa ulalo wophiphiritsa pakadali pano pakati pa kupanga ndi kusintha kwa eni chikwatu chomanga. Pakuwukira kopambana, guix-daemon/nix-daemon adasintha mwiniwake wa fayilo yomwe idayankhulidwa ndi ulalo wophiphiritsa m'malo mosintha wogwiritsa ntchito bukhu lomanga.
Zowonongeka zidakhazikitsidwa mu Lix 2.93, Nix 2.29, ndi Guix 1.4.0-38.0e79d5b. Kuti agwiritse ntchito zofookazo, wowukirayo ayenera kukhala wokhoza kuyendetsa ntchito zomanga mosasamala. Kuwukira pogwiritsa ntchito chiwopsezo cha CVE-2025-46415 kumafuna kuthekera kopanga mafayilo mu /tmp chikwatu pamakina omanga, pomwe pachiwopsezo cha CVE-2025-46416, ndikofunikira kuti muzitha kuyendetsa ma code potengera ma pid oyambira ndi ma network.
Source: opennet.ru
