Puckipedia

**Name of the Vulnerable Software and Affected Versions** Nix versions prior to 2.18.9 Nix versions prior to 2.19.7 Nix versions prior to 2.20.9 Nix versions prior to 2.21.5 Nix versions prior to 2.22.4 Nix versions prior to 2.23.4 Nix versions prior to 2.24.10 **Description** The issue concerns the Nix package manager for Linux and Unix systems, specifically on macOS. Built-in builders, such as `builtin:fetchurl` (exposed to users with `import <nix/fetchurl.nix>`), were not executed within the macOS sandbox. This resulted in these builders having read access to world-readable paths and write access to world-writable paths outside of the sandbox. The Nix sandbox is primarily intended to improve reproducibility and purity of Nix builds, but it can also mitigate the impact of other security issues by limiting access to the host system. **Recommendations** For versions prior to 2.18.9, update to version 2.18.9 or later. For versions prior to 2.19.7, update to version 2.19.7 or later. For versions prior to 2.20.9, update to version 2.20.9 or later. For versions prior to 2.21.5, update to version 2.21.5 or later. For versions prior to 2.22.4, update to version 2.22.4 or later. For versions prior to 2.23.4, update to version 2.23.4 or later. For versions prior to 2.24.10, update to version 2.24.10 or later.

Name of the Vulnerable Software and Affected Versions: Nix versions 2.24 through 2.24.5 Nix version 2.24 prior to 2.24.6 Description: A bug in Nix allows a substituter or malicious user to craft a NAR that, when unpacked by Nix, causes Nix to write to arbitrary file system locations to which the Nix process has access. This will be with root permissions when using the Nix daemon. The issue is related to improper restriction of the directory path name with limited access. Exploitation of the issue may allow a remote attacker to overwrite arbitrary files in the system. Recommendations: For Nix versions 2.24 through 2.24.5, update to Nix 2.24.6 to patch the bug. For Nix version 2.24 prior to 2.24.6, update to Nix 2.24.6 to fix the issue. As a temporary workaround, consider restricting access to the Nix daemon to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nix versions prior to 2.3.18 Nix versions prior to 2.18.2 Nix versions prior to 2.19.4 Nix versions prior to 2.20.5 **Description** The issue is related to errors in synchronization when using a shared resource in the Nix package manager for Unix operating systems. Exploitation of this issue may allow a remote attacker to modify the output of packages in the Nix store. This can be achieved by sending file descriptors to files in the Nix store to another program running on the host via Unix domain sockets in the abstract namespace, allowing the modification of the output of fixed-output derivations after Nix has registered the path as valid and immutable in the Nix database. **Recommendations** For versions prior to 2.3.18, upgrade to version 2.3.18 or later. For versions prior to 2.18.2, upgrade to version 2.18.2 or later. For versions prior to 2.19.4, upgrade to version 2.19.4 or later. For versions prior to 2.20.5, upgrade to version 2.20.5 or later. As a temporary workaround, consider restricting access to the Nix store to minimize the risk of exploitation. Users can update to the latest version using the command `nixos-rebuild switch --flake flake path directory#hostname` or `nix flake update --extra-experimental-features "nix-command flakes"`.

**Name of the Vulnerable Software and Affected Versions** Mastodon versions 1.6.0 through 3.3.2 Mastodon versions 3.4.x through 3.4.5 **Description** The issue is related to incorrect access control due to the failure to compact incoming signed JSON-LD activities. JSON-LD signing has been supported since version 1.6.0. **Recommendations** For Mastodon versions 1.6.0 through 3.3.2, update to version 3.3.2 or later. For Mastodon versions 3.4.x through 3.4.5, update to version 3.4.6 or later.