news: Announce potential security issue in glibc package.

* etc/news.scm: Add entry. Change-Id: Iea4883d83cae7dee937d46d534cfa8dad17b1028
2026-04-06 13:10:33 +02:00 · 2026-02-20 01:16:13 -05:00
parent d659fe8666
commit 4d1291eaaa
1 changed files with 10 additions and 0 deletions
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -42,6 +42,16 @@
 (channel-news
 (version 0)

+ (entry (commit "d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b")
+        (title
+         (en "Potential security vulnerability in glibc"))
+        (body
+         (en "Guix adds the environment variable @code{GUIX_LOCPATH} to glibc,
+however it was not added to potentially unsafe variables to be unset in
+privileged environments.  A CVE number is pending for this issue.  This has
+been fixed with a graft to glibc and users should update all profiles,
+reconfigure their system, and reboot.")))
+
 (entry (commit "6d4cb99a15da7f4fd55f956c55f4f4aacfcc7742")
        (title
         (en "@code{%desktop-services} now includes GDM on AArch64")