Hi everyone,

A potential security issue has been identified in Guix's glibc package.
The GUIX_LOCPATH environment variable Guix adds to glibc was not unset
in privileged settings. This could lead to potential security issues.

This has been addressed in commit
<https://codeberg.org/guix/guix/commit/d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b>
with a graft to glibc. A CVE number is pending. Our thanks to Stefan for
bringing this to our attention.

It is strongly recommended to do a "guix pull", update your profiles,
reconfigure the system (for Guix system users), and reboot. This will
ensure the updated glibc is used everywhere.

For further details or to discuss this issue, please see
<https://codeberg.org/guix/guix/pulls/6575>.

Thanks everyone!
John (on behalf of guix-security; more volunteers needed!)

PS: You can expect to see many grafts in most packages due to this
change. I'll be working on getting an ungrafted branch built to be
merged as soon as possible.
