[3.4] guile: multiple issues (CVE-2016-8605, CVE-2016-8606)ID: oval:org.secpod.oval:def:1800026 | Date: (C)2018-03-29 (M)2024-01-03 |
Class: PATCH | Family: unix |
CVE-2016-8605: Thread-unsafe umask modification. The mkdir procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process" umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. Fixed In Version: guile 2.0.13 CVE-2016-8606: REPL server vulnerable to HTTP inter-protocol attacks. The REPL server is vulnerable to the HTTP inter-protocol attack This constitutes a remote code execution vulnerability for developers running a REPL server that listens on a loopback device or private network. Applications that do not run a REPL server, as is usually the case, are unaffected. Fixed In Version: guile 2.0.13.
Platform: |
Alpine Linux 3.4 |