CVE-2016-8605 guile-2.0

Metadata

medium
5.0
guile-2.0
CVE-2016-8605
2017-06-18 07:04
v3.4/main/guile-2.0.11-r3
CVE-2016-8605 guile-1.8
CVE-2016-8605
2017-06-16 19:21
2017-05-07 01:03
2017-05-06 14:03
2017-04-01 19:11
2017-01-20 05:03
2017-01-14 05:03
2017-01-05 20:16

Description

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
buster guile-2.0 2.0.13+1-1
jessie guile-2.0 2.0.11+1-9+deb8u1
sid guile-2.0 2.0.13+1-1
stretch guile-2.0 2.0.13+1-1
wheezy guile-2.0 2.0.5+1-3+deb7u1