Source: nix
Version: 2.34.6+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for nix.

CVE-2026-44028[0]:
| An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2.
| Unbounded recursion in the NAR (Nix Archive) parser could lead to a
| stack-to-heap overflow when the parser is run on a coroutine stack.
| The stack is allocated without a guard page, which means that a
| stack overflow could overwrite memory on the heap and could allow
| arbitrary code execution as the Nix daemon (run as root in
| multi-user installations) if ASLR hardening is bypassed. This can be
| exploited by all users able to connect to the daemon (e.g., in Nix,
| this is configurable via the allowed-users setting, defaulting to
| all users). The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5,
| 2.30.5, 2.29.4, and 2.28.7 for Nix (introduced in 2.24.4); and
| 2.95.2, 2.94.2, and 2.93.4 for Lix (introduced in 2.93.0).

CVE-2026-44029[1]:
| An issue was discovered in Nix before 2.34.7. Writing to arbitrary
| files can occur via "nix-prefetch-url --unpack" or "nix store
| prefetch-file --unpack" directory traversal. The fixed versions are
| 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7
| (introduced in 2.24.7);

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-44028
    https://www.cve.org/CVERecord?id=CVE-2026-44028
[1] https://security-tracker.debian.org/tracker/CVE-2026-44029
    https://www.cve.org/CVERecord?id=CVE-2026-44029

Regards,
Salvatore
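The first advisory describes a parser whose recursion depth is controlled by the input it reads, running on a coroutine stack with no guard page. The standard mitigation for that class of bug is to bound the depth explicitly, so that a hostile archive fails with a clean error instead of exhausting the stack. The C++ below is an added example written for this report; it is not Nix or Lix code and does not implement the NAR format. It parses a constructed toy nesting format ('f' is a file, '(' ... ')' is a directory holding child nodes), and every name in it (parseNode, countNodes, makeNested, ParseLimits) is invented for the illustration.

```cpp
// Added example, not Nix/Lix code: a recursive-descent parser for a toy
// nested format with an explicit depth cap, the class of mitigation that
// turns input-controlled recursion into a reported error.
#include <cstddef>
#include <stdexcept>
#include <string>

// Toy format (constructed for this example, not NAR):
//   node := 'f' | '(' node* ')'
struct ParseLimits {
    std::size_t maxDepth;   // deepest directory nesting we will accept
};

struct TooDeep : std::runtime_error { using std::runtime_error::runtime_error; };
struct Malformed : std::runtime_error { using std::runtime_error::runtime_error; };

// Parses one node starting at `pos`, advances `pos` past it, and returns
// the number of nodes in that subtree. `depth` is the current nesting
// level; the check runs *before* any further recursion so stack use is
// bounded by maxDepth frames regardless of what the input contains.
static std::size_t parseNode(const std::string& in, std::size_t& pos,
                             std::size_t depth, const ParseLimits& lim) {
    if (depth > lim.maxDepth) throw TooDeep("nesting depth exceeds limit");
    if (pos >= in.size()) throw Malformed("unexpected end of input");
    char c = in[pos++];
    if (c == 'f') return 1;                    // leaf
    if (c != '(') throw Malformed("unexpected character");
    std::size_t count = 1;                     // the directory itself
    while (pos < in.size() && in[pos] != ')')
        count += parseNode(in, pos, depth + 1, lim);
    if (pos >= in.size()) throw Malformed("unterminated directory");
    ++pos;                                     // consume ')'
    return count;
}

struct ParseResult {
    bool ok;
    std::size_t nodes;   // valid only when ok
    std::string error;   // set only when !ok
};

// Public entry point: never lets an exception escape, so callers get a
// value they can log and reject on.
ParseResult countNodes(const std::string& in, std::size_t maxDepth) {
    ParseLimits lim{maxDepth};
    std::size_t pos = 0;
    try {
        std::size_t n = parseNode(in, pos, 0, lim);
        if (pos != in.size()) return {false, 0, "trailing data after root node"};
        return {true, n, ""};
    } catch (const std::exception& e) {
        return {false, 0, e.what()};
    }
}

// Builds a constructed input of `levels` nested directories around one
// file, the shape an attacker would use to drive recursion depth.
std::string makeNested(std::size_t levels) {
    return std::string(levels, '(') + "f" + std::string(levels, ')');
}

int main() {
    ParseResult r = countNodes(makeNested(100000), 64);
    return r.ok ? 1 : 0;   // expected: rejected with a TooDeep error
}
```

The cap should be derived from the stack the parser actually runs on (a coroutine stack can be far smaller than the main thread's) and the per-frame cost of the recursive function, with generous margin; the alternative that removes the dependency on stack size entirely is an iterative parser that keeps its pending directories on an explicit heap-allocated stack.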
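The second advisory is a directory traversal in "--unpack": member names inside a fetched archive were allowed to resolve outside the extraction directory. The usual defence is to validate every member name before it is joined to the destination and to re-check the joined path lexically. The C++ below is an added example written for this report, not Nix code and not the upstream fix; the functions isSafeMemberName and resolveUnderRoot, and the sample names they are exercised with, are all constructed for the illustration.

```cpp
// Added example, not Nix code: validating archive member names before
// extraction so that no entry can write outside the chosen root.
#include <filesystem>
#include <optional>
#include <string>
#include <vector>

namespace fs = std::filesystem;

// Splits on '/', keeping empty components so that a leading '/' (absolute
// path) or a doubled '//' shows up as an empty component and is rejected.
static std::vector<std::string> splitPath(const std::string& name) {
    std::vector<std::string> parts;
    std::string cur;
    for (char c : name) {
        if (c == '/') { parts.push_back(cur); cur.clear(); }
        else cur += c;
    }
    parts.push_back(cur);
    return parts;
}

// A member name is safe when it is a non-empty relative path made only of
// ordinary components: no NUL, no empty component, no "." and no "..".
// A single trailing '/' (directory entries) is tolerated.
bool isSafeMemberName(const std::string& member) {
    if (member.empty() || member.find('\0') != std::string::npos) return false;
    std::string name = member;
    if (name.size() > 1 && name.back() == '/') name.pop_back();
    for (const std::string& p : splitPath(name)) {
        if (p.empty() || p == "." || p == "..") return false;
    }
    return true;
}

// Joins `member` under `root` and returns the normalized target, or
// nothing if the name is unsafe or the result does not stay below root.
// The second, lexical check is deliberately redundant with the first.
std::optional<fs::path> resolveUnderRoot(const fs::path& root, const std::string& member) {
    if (!isSafeMemberName(member)) return std::nullopt;
    fs::path rootNorm = root.lexically_normal();
    fs::path target = (rootNorm / member).lexically_normal();
    fs::path rel = target.lexically_relative(rootNorm);
    if (rel.empty() || rel.begin()->string() == "..") return std::nullopt;
    return target;
}

int main() {
    // Constructed member names: the first is legitimate, the rest are the
    // shapes a traversal attempt takes and must all be refused.
    const char* samples[] = {"src/main.c", "../etc/passwd", "/etc/passwd", "a/../../b"};
    int refused = 0;
    for (const char* s : samples)
        if (!resolveUnderRoot("/tmp/unpack", s)) ++refused;
    return refused == 3 ? 0 : 1;
}
```

Lexical checks cover the member name itself; an extractor must additionally refuse to follow symbolic links that earlier entries in the same archive may have created (opening with O_NOFOLLOW or via openat relative to the root directory), since a symlinked directory followed by a file entry beneath it escapes the root without any ".." in the name.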

