Lucene search
F5F5:K31130692HistoryFeb 22, 2017 - 12:00 a.m.
K31130692 : GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606
2017-02-2200:00:00
my.f5.com
17
Security Advisory Description
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
The REPL server (–listen) in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
nessus
nessus
Debian DLA-666-1 : guile-2.0 security update
2016-10-19 00:00:00
Fedora 24 : 5:guile (2016-34209c3a8e)
2016-10-19 00:00:00
RHEL 7 : guile (Unpatched Vulnerability)
2024-06-03 00:00:00
debian
debian
[SECURITY] [DLA 666-1] guile-2.0 security update
2016-10-18 22:18:18
osv
osv
guile-2.0 - security update
2016-10-18 00:00:00
guile-2.0.13-2.1 on GA media
2024-06-15 00:00:00
CVE-2016-8606
2017-01-12 22:59:00
openvas
openvas
Debian: Security Advisory (DLA-666-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0354)
2022-01-28 00:00:00
Fedora Update for guile FEDORA-2016-a47bf58beb
2016-11-14 00:00:00
archlinux
archlinux
[ASA-201610-10] guile: multiple issues
2016-10-16 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: guile-2.0.13-1.fc24
2016-10-18 15:56:56
[SECURITY] Fedora 25 Update: guile-2.0.13-1.fc25
2016-10-16 18:55:01
[SECURITY] Fedora 23 Update: guile-2.0.13-1.fc23
2016-10-22 00:53:17
mageia
mageia
Updated guile packages fix security vulnerability
2016-10-23 13:32:38
Updated guile1.8 packages fix security vulnerabilities
2021-07-12 23:26:21
freebsd
freebsd
guile2 -- multiple vulnerabilities
2016-10-12 00:00:00
alpinelinux
alpinelinux
CVE-2016-8606
2017-01-12 22:59:00
CVE-2016-8605
2017-01-12 22:59:00
debiancve
debiancve
CVE-2016-8606
2017-01-12 22:59:00
CVE-2016-8605
2017-01-12 22:59:00
redhatcve
redhatcve
CVE-2016-8606
2016-10-12 09:48:02
CVE-2016-8605
2016-10-12 09:47:57
cve
cve
CVE-2016-8606
2017-01-12 22:59:00
CVE-2016-8605
2017-01-12 22:59:00
prion
prion
Code injection
2017-01-12 22:59:00
Code injection
2017-01-12 22:59:00
ubuntucve
ubuntucve
CVE-2016-8606
2017-01-12 00:00:00
CVE-2016-8605
2017-01-12 00:00:00
nvd
nvd
CVE-2016-8606
2017-01-12 22:59:00
CVE-2016-8605
2017-01-12 22:59:00
cvelist
cvelist
CVE-2016-8606
2017-01-12 22:00:00
CVE-2016-8605
2017-01-12 22:00:00