USN-7633-1: Nix vulnerabilities

Publication date

14 July 2025

Overview

Several security issues were fixed in Nix.


Packages

  • nix - Cross-platform package manager

Details

Linus Heckemann discovered that Nix did not correctly handle certain
binaries. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-38531)

Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS
certificates. A remote attacker could possibly use this issue to leak
sensitive information. (CVE-2024-47174)

It was discovered that Nix did not correctly handle Unix sockets. An
attacker could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 24.04 LTS. (CVE-2024-27297)

It was discovered that Nix did not correctly handle unpacking Nix
archives (NARs). If a user or automated system were tricked into opening
a specially crafted file, an attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2024-45593)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release   Package   Version
24.04 noble      nix-bin   2.18.1+dfsg-1ubuntu5+esm2
22.04 jammy      nix-bin   2.6.0+dfsg-3ubuntu0.1~esm1
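
The following is an added example, not part of the notice or Ubuntu's tooling: it reimplements dpkg's version ordering (epoch, upstream, Debian revision, with `~` sorting before everything) so an installed nix-bin version can be checked against the fixed versions in the table above, for instance in an offline inventory script. The `is_patched` and `compare_versions` names and the `FIXED_VERSIONS` table are this example's own; on a live host the installed version would come from `dpkg-query -W -f='${Version}' nix-bin`.

```python
import itertools
import re

# Fixed nix-bin versions from the USN-7633-1 table, keyed by Ubuntu codename.
FIXED_VERSIONS = {
    "noble": "2.18.1+dfsg-1ubuntu5+esm2",
    "jammy": "2.6.0+dfsg-3ubuntu0.1~esm1",
}

def _order(c):
    # dpkg rank of one non-digit char: '~' < end-of-string (0) < letters < others
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_nondigit(a, b):
    # Compare non-digit runs char by char; a missing char counts as end-of-string
    for ca, cb in itertools.zip_longest(map(_order, a), map(_order, b), fillvalue=0):
        if ca != cb:
            return -1 if ca < cb else 1
    return 0

def _cmp_fragment(a, b):
    # Alternate non-digit and digit runs, as dpkg's verrevcmp() does
    ta = re.findall(r"(\D*)(\d*)", a)
    tb = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in itertools.zip_longest(ta, tb, fillvalue=("", "")):
        ia, ib = int(da or 0), int(db or 0)
        r = _cmp_nondigit(na, nb) or (ia > ib) - (ia < ib)
        if r:
            return r
    return 0

def _split(v):
    # epoch:upstream-revision; epoch defaults to 0 and revision to ""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # Return -1, 0 or 1 following the ordering of dpkg --compare-versions
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_patched(release, installed):
    # True when the installed nix-bin version is at or above this USN's fix
    return compare_versions(installed, FIXED_VERSIONS[release]) >= 0
```

Note that on jammy a later non-ESM upload such as 2.6.0+dfsg-3ubuntu0.1 sorts above 2.6.0+dfsg-3ubuntu0.1~esm1, which is exactly why the ESM version carries the tilde.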

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.
