Vulnerabilities in NetworkManager-libreswan and guix-daemon allow for privilege escalation in the system

A vulnerability (CVE-2024-9050) has been identified in the NetworkManager-libreswan plugin, which adds VPN functionality to NetworkManager for connections to Libreswan and Cisco IPsec servers. This vulnerability can be exploited by a local user to elevate their privileges. The vulnerability has been fixed in NetworkManager-libreswan 1.2.24.

Another vulnerability has been discovered in the guix-daemon background process used in GNU Guix-based distributions. This vulnerability poses a threat to multi-user systems and allows a local user to gain the privileges of the build user and modify the package build result.

Linux / Linux users should be aware of this security threat.

Vulnerabilities in NetworkManager-libreswan and guix-daemon allow for privilege escalation in the system

Fugitives Break Out of Detention Center, Police Launch Manhunt

That's all.