There is a vulnerability in Nix 2.24.
If you're using the regular nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the nix (not NixOS) installers, or are using nixVersions.git from nixpkgs, then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon.
GHSA-h4vv-h3jq-v493
#NixOS #security
NixOS /
npub13h…9dhhp
2024-09-10 07:29:14
Author Public Key
npub13hfv0rxyy6er553akhuc4cjxdc478m2p4jls2wmcjwegj52d9gcsq9dhhpPublished at
2024-09-10 07:29:14Event JSON
{
"id": "e3ac363b93347098f30fa3289bfc8b879645794cc4cc70efe21d5259178ab40f",
"pubkey": "8dd2c78cc426b23a523db5f98ae2466e2be3ed41acbf053b7893b289514d2a31",
"created_at": 1725953354,
"kind": 1,
"tags": [
[
"t",
"nixos"
],
[
"t",
"security"
],
[
"proxy",
"https://chaos.social/users/nixos_org/statuses/113112079063412577",
"activitypub"
]
],
"content": "There is a vulnerability in Nix 2.24.\n\nIf you're using the regular nix from nixpkgs (which the vast majority of users will be), you're still on a safe version. If you recently (after August 1st) installed nix using the nix (not NixOS) installers, or are using nixVersions.git from nixpkgs, then you need to double-check. A fix is expected in version 2.24.6 which is to be released soon.\n\nGHSA-h4vv-h3jq-v493\n\n#NixOS #security",
"sig": "0b2aa1faaed1a430519531dae495a8eaed57f7ee8bad838a690937d696a9f10dc0bd31e62d50e6e2e97866f9e5f4f76f432a317f479d66eb9f8bc50bea023fee"
}