Nixpkgs security tracker

Permalink CVE-2023-1326

7.7 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

local privilege escalation in apport-cli

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

References

https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c4… patchx_transferred
https://ubuntu.com/security/notices/USN-6018-1 vendor-advisoryx_transferred

Affected products

apport

=<2.26.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

nixos-unstable 0.0.0.4
- nixpkgs-unstable 0.0.0.4
- nixos-unstable-small 0.0.0.4

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>

Permalink CVE-2023-50781

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

References

https://access.redhat.com/security/cve/CVE-2023-50781 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2254426 x_transferredissue-trackingx_refsource_REDHAT

Affected products

pywbem

m2crypto

virt-who

Matching in nixpkgs

pkgs.python311Packages.pywbem

Support for the WBEM standard for systems management

nixos-unstable 1.7.2
- nixpkgs-unstable 1.7.2
- nixos-unstable-small 1.7.2

pkgs.python312Packages.pywbem

Support for the WBEM standard for systems management

nixos-unstable 1.7.2
- nixpkgs-unstable 1.7.2
- nixos-unstable-small 1.7.2

pkgs.python311Packages.m2crypto

Python crypto and SSL toolkit

nixos-unstable m2crypto-0.42.0
- nixpkgs-unstable m2crypto-0.42.0
- nixos-unstable-small m2crypto-0.42.0

pkgs.python312Packages.m2crypto

Python crypto and SSL toolkit

nixos-unstable m2crypto-0.42.0
- nixpkgs-unstable m2crypto-0.42.0
- nixos-unstable-small m2crypto-0.42.0

Permalink CVE-2024-31420

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 2 months ago

Cnv: dos through repeatedly calling vm-dump-metrics until virt handler crashes

A NULL pointer dereference flaw was found in KubeVirt. This flaw allows an attacker who has access to a virtual machine guest on a node with DownwardMetrics enabled to cause a denial of service by issuing a high number of calls to vm-dump-metrics --virtio and then deleting the virtual machine.

References

https://access.redhat.com/security/cve/CVE-2024-31420 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2272951 x_transferredissue-trackingx_refsource_REDHAT

Affected products

cnv

==4.15.0
==4.15.0

kubevirt

Matching in nixpkgs

pkgs.kubevirt

Client tool to use advanced features such as console access

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

pkgs.vimPlugins.scnvim

None

nixos-unstable 2024-09-16
- nixpkgs-unstable 2024-09-16
- nixos-unstable-small 2024-09-16

pkgs.python311Packages.cnvkit

Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data

nixos-unstable 0.9.12
- nixpkgs-unstable 0.9.12
- nixos-unstable-small 0.9.12

pkgs.python312Packages.cnvkit

Python library and command-line software toolkit to infer and visualize copy number from high-throughput DNA sequencing data

nixos-unstable 0.9.12
- nixpkgs-unstable 0.9.12
- nixos-unstable-small 0.9.12

Package maintainers

@haslersn Sebastian Hasler <haslersn@fius.informatik.uni-stuttgart.de>
@jbedo Justin Bedő <cu@cua0.org>

Permalink CVE-2024-3094

10.0 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

Xz: malicious code in distributed source

Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.

References

http://www.openwall.com/lists/oss-security/2024/03/29/10 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/29/12 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/29/4 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/29/5 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/29/8 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/30/12 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/30/27 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/30/36 x_transferred
http://www.openwall.com/lists/oss-security/2024/03/30/5 x_transferred
http://www.openwall.com/lists/oss-security/2024/04/16/5 x_transferred
https://access.redhat.com/security/cve/CVE-2024-3094 x_transferredvdb-entryx_refsource_REDHAT
https://ariadne.space/2024/04/02/the-xz-utils-backdoor-is-a-symptom-of-a-larger… x_transferred
https://arstechnica.com/security/2024/03/backdoor-found-in-widely-used-linux-ut… x_transferred
https://aws.amazon.com/security/security-bulletins/AWS-2024-002/ x_transferred
https://blog.netbsd.org/tnf/entry/statement_on_backdoor_in_xz x_transferred
https://boehs.org/node/everything-i-know-about-the-xz-backdoor x_transferred
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024 x_transferred
https://bugs.gentoo.org/928134 x_transferred
RHBZ#2272210 issue-trackingx_transferredx_refsource_REDHAT
https://bugzilla.suse.com/show_bug.cgi?id=1222124 x_transferred
https://discourse.nixos.org/t/cve-2024-3094-malicious-code-in-xz-5-6-0-and-5-6-… x_transferred
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27 x_transferred
https://github.com/advisories/GHSA-rxwq-x6h5-x525 x_transferred
https://github.com/amlweems/xzbot x_transferred
https://github.com/karcherm/xz-malware x_transferred
https://gynvael.coldwind.pl/?lang=en&id=782 x_transferred
https://lists.debian.org/debian-security-announce/2024/msg00057.html x_transferred
https://lists.freebsd.org/archives/freebsd-security/2024-March/000248.html x_transferred
https://lwn.net/Articles/967180/ x_transferred
https://news.ycombinator.com/item?id=39865810 x_transferred
https://news.ycombinator.com/item?id=39877267 x_transferred
https://news.ycombinator.com/item?id=39895344 x_transferred
https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/ x_transferred
https://research.swtch.com/xz-script x_transferred
https://research.swtch.com/xz-timeline x_transferred
https://security-tracker.debian.org/tracker/CVE-2024-3094 x_transferred
https://security.alpinelinux.org/vuln/CVE-2024-3094 x_transferred
https://security.archlinux.org/CVE-2024-3094 x_transferred
https://security.netapp.com/advisory/ntap-20240402-0001/ x_transferred
https://tukaani.org/xz-backdoor/ x_transferred
https://twitter.com/LetsDefendIO/status/1774804387417751958 x_transferred
https://twitter.com/debian/status/1774219194638409898 x_transferred
https://twitter.com/infosecb/status/1774595540233167206 x_transferred
https://twitter.com/infosecb/status/1774597228864139400 x_transferred
https://ubuntu.com/security/CVE-2024-3094 x_transferred
https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compro… x_transferred
https://www.darkreading.com/vulnerabilities-threats/are-you-affected-by-the-bac… x_transferred
https://www.kali.org/blog/about-the-xz-backdoor/ x_transferred
https://www.openwall.com/lists/oss-security/2024/03/29/4 x_transferred
https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users x_transferred
https://www.tenable.com/blog/frequently-asked-questions-cve-2024-3094-supply-ch… x_transferred
https://www.theregister.com/2024/03/29/malicious_backdoor_xz/ x_transferred
https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094 x_transferred
https://xeiaso.net/notes/2024/xz-vuln/ x_transferred
https://www.binarly.io/blog/persistent-risk-xz-utils-backdoor-still-lurking-in-…

Affected products

xz

==5.6.0
==5.6.1

Matching in nixpkgs

pkgs.xz

General-purpose data compression software, successor of LZMA

nixos-unstable 5.6.3
- nixpkgs-unstable 5.6.3
- nixos-unstable-small 5.6.3

pkgs.pxz

compression utility that runs LZMA compression of different parts on multiple cores simultaneously

nixos-unstable 4.999.9beta
- nixpkgs-unstable 4.999.9beta
- nixos-unstable-small 4.999.9beta

pkgs.pixz

Parallel compressor/decompressor for xz format

nixos-unstable 1.0.7
- nixpkgs-unstable 1.0.7
- nixos-unstable-small 1.0.7

pkgs.xzgv

Picture viewer for X with a thumbnail-based selector

nixos-unstable 0.9.2
- nixpkgs-unstable 0.9.2
- nixos-unstable-small 0.9.2

pkgs.xzoom

X11 screen zoom tool

nixos-unstable 0.3
- nixpkgs-unstable 0.3
- nixos-unstable-small 0.3

pkgs.plymouth-proxzima-theme

Techno Plymouth theme with crazy animation

nixos-unstable 0-unstable-2023-01-30
- nixpkgs-unstable 0-unstable-2023-01-30
- nixos-unstable-small 0-unstable-2023-01-30

pkgs.python311Packages.txzmq

Twisted bindings for ZeroMQ

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0

pkgs.python312Packages.txzmq

Twisted bindings for ZeroMQ

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0

pkgs.python311Packages.python-xz

Pure Python library for seeking within compressed xz files

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

pkgs.python312Packages.python-xz

Pure Python library for seeking within compressed xz files

nixos-unstable 0.5.0
- nixpkgs-unstable 0.5.0
- nixos-unstable-small 0.5.0

Package maintainers

@7c6f434c Michael Raskin <7c6f434c@mail.ru>
@johnrtitor Masum Reza <masumrezarock100@gmail.com>
@ip1981 Igor Pashev <pashev.igor@gmail.com>
@mxmlnkn Maximilian Knespel
@svanderburg Sander van der Burg <s.vanderburg@tudelft.nl>
@womfoo Kranium Gikos Mendoza <kranium@gikos.net>

Permalink CVE-2023-3758

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

Sssd: race condition during authorization leads to gpo policies functioning inconsistently

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

References

RHSA-2024:1919 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:1920 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:1921 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:1922 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:2571 vendor-advisoryx_transferredx_refsource_REDHAT
RHSA-2024:3270 vendor-advisoryx_transferredx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-3758 x_transferredvdb-entryx_refsource_REDHAT
RHBZ#2223762 x_transferredissue-trackingx_refsource_REDHAT
https://github.com/SSSD/sssd/pull/7302 x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproj… x_transferred
https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html

Affected products

sssd

<2.9.5
*

Matching in nixpkgs

pkgs.sssd

System Security Services Daemon

nixos-unstable 2.9.5
- nixpkgs-unstable 2.9.5
- nixos-unstable-small 2.9.5

Package maintainers

@illustris Harikrishnan R <me@illustris.tech>

Permalink CVE-2022-2084

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

sensitive data exposure in cloud-init logs

Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.

References

https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871… patchx_transferred
https://ubuntu.com/security/notices/USN-5496-1 vendor-advisoryx_transferred

Affected products

cloud-init

<23.0

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

nixos-unstable 24.2
- nixpkgs-unstable 24.2
- nixos-unstable-small 24.2

Package maintainers

@jfroche Jean-François Roche <jfroche@pyxel.be>
@illustris Harikrishnan R <me@illustris.tech>

Permalink CVE-2023-30797

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

Insecure Random Generation in Netflix Lemur

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.

References

https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-… vendor-advisoryx_transferred
https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238 patchx_transferred
https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm vendor-advisoryx_transferred
https://vulncheck.com/advisories/netflix-lemur-weak-rng x_transferredthird-party-advisory

Affected products

lemur

<<1.3.2

Matching in nixpkgs

pkgs.lemurs

Customizable TUI display/login manager written in Rust

nixos-unstable 0.3.2
- nixpkgs-unstable 0.3.2
- nixos-unstable-small 0.3.2

Package maintainers

@JeremiahSecrist Jeremiah Secrist <jeremiah@secrist.xyz>

Permalink CVE-2021-3429

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

sensitive data exposure in cloud-init logs

When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.

References

https://github.com/canonical/cloud-init/commit/b794d426b9ab43ea9d6371477466070d… patchx_transferred

Affected products

cloud-init

<21.2

Matching in nixpkgs

pkgs.cloud-init

Provides configuration and customization of cloud instance

nixos-unstable 24.2
- nixpkgs-unstable 24.2
- nixos-unstable-small 24.2

Package maintainers

@jfroche Jean-François Roche <jfroche@pyxel.be>
@illustris Harikrishnan R <me@illustris.tech>

Permalink CVE-2023-30798

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year, 2 months ago

MultipartParser DOS with too many fields or files in Starlette Framework

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

References

https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x vendor-advisoryx_transferred
https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea19… patchx_transferred
https://vulncheck.com/advisories/starlette-multipartparser-dos x_transferredthird-party-advisory

Affected products

starlette

<0.25.0

Matching in nixpkgs

pkgs.python311Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.40.0
- nixpkgs-unstable 0.40.0
- nixos-unstable-small 0.40.0

pkgs.python312Packages.starlette

Little ASGI framework that shines

nixos-unstable 0.40.0
- nixpkgs-unstable 0.40.0
- nixos-unstable-small 0.40.0

pkgs.python311Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3

pkgs.python311Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.python312Packages.sse-starlette

Server Sent Events for Starlette and FastAPI

nixos-unstable 2.1.3
- nixpkgs-unstable 2.1.3
- nixos-unstable-small 2.1.3

pkgs.python312Packages.starlette-wtf

Simple tool for integrating Starlette and WTForms

nixos-unstable 0.4.5
- nixpkgs-unstable 0.4.5
- nixos-unstable-small 0.4.5

pkgs.python311Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1

pkgs.python312Packages.starlette-admin

Fast, beautiful and extensible administrative interface framework for Starlette & FastApi applications

nixos-unstable 0.14.1
- nixpkgs-unstable 0.14.1
- nixos-unstable-small 0.14.1

pkgs.python311Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

pkgs.python312Packages.starlette-context

Middleware for Starlette that allows you to store and access the context data of a request

nixos-unstable 0.3.6
- nixpkgs-unstable 0.3.6
- nixos-unstable-small 0.3.6

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@wd15 Daniel Wheeler <daniel.wheeler2@gmail.com>
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
@vidister Fiona Weber <v@vidister.de>
@n0emis Ember Keske <nixpkgs@n0emis.network>
@johannwagner Johann Wagner <nix@wagner.digital>
@yu-re-ka Yureka <yuka@yuka.dev>

Permalink CVE-2025-22696

5.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year, 2 months ago

WordPress Document Block – Upload & Embed Docs, PDF, PPT, XLS or Any Documents plugin <= 1.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EmbedPress Document Block – Upload & Embed Docs. This issue affects Document Block – Upload & Embed Docs: from n/a through 1.1.0.