Security update for guile1
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:2643-1
Final
1
1
2016-10-26T08:25:34Z
current
2016-10-26T08:25:34Z
2016-10-26T08:25:34Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for guile1
This update for guile1 fixes the following issue:
- CVE-2016-8605: Thread-unsafe umask modification (bsc#1004221).
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
http://lists.opensuse.org/opensuse-updates/2016-10/msg00096.html
E-Mail link for openSUSE-SU-2016:2643-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE 13.2
guile1-1.8.8-16.3.1
guile1-debuginfo-1.8.8-16.3.1
guile1-debugsource-1.8.8-16.3.1
libguile-srfi-srfi-1-v-3-3-1.8.8-16.3.1
libguile-srfi-srfi-1-v-3-3-debuginfo-1.8.8-16.3.1
libguile-srfi-srfi-13-14-v-3-3-1.8.8-16.3.1
libguile-srfi-srfi-13-14-v-3-3-debuginfo-1.8.8-16.3.1
libguile-srfi-srfi-4-v-3-3-1.8.8-16.3.1
libguile-srfi-srfi-4-v-3-3-debuginfo-1.8.8-16.3.1
libguile-srfi-srfi-60-v-2-2-1.8.8-16.3.1
libguile-srfi-srfi-60-v-2-2-debuginfo-1.8.8-16.3.1
libguile1-devel-1.8.8-16.3.1
libguile17-1.8.8-16.3.1
libguile17-debuginfo-1.8.8-16.3.1
libguilereadline-v-17-17-1.8.8-16.3.1
libguilereadline-v-17-17-debuginfo-1.8.8-16.3.1
guile1-1.8.8-16.3.1 as a component of openSUSE 13.2
guile1-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
guile1-debugsource-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-1-v-3-3-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-1-v-3-3-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-13-14-v-3-3-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-13-14-v-3-3-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-4-v-3-3-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-4-v-3-3-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-60-v-2-2-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile-srfi-srfi-60-v-2-2-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile1-devel-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile17-1.8.8-16.3.1 as a component of openSUSE 13.2
libguile17-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
libguilereadline-v-17-17-1.8.8-16.3.1 as a component of openSUSE 13.2
libguilereadline-v-17-17-debuginfo-1.8.8-16.3.1 as a component of openSUSE 13.2
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
CVE-2016-8605
openSUSE 13.2:guile1-1.8.8-16.3.1
openSUSE 13.2:guile1-debuginfo-1.8.8-16.3.1
openSUSE 13.2:guile1-debugsource-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-1-v-3-3-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-1-v-3-3-debuginfo-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-13-14-v-3-3-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-13-14-v-3-3-debuginfo-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-4-v-3-3-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-4-v-3-3-debuginfo-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-60-v-2-2-1.8.8-16.3.1
openSUSE 13.2:libguile-srfi-srfi-60-v-2-2-debuginfo-1.8.8-16.3.1
openSUSE 13.2:libguile1-devel-1.8.8-16.3.1
openSUSE 13.2:libguile17-1.8.8-16.3.1
openSUSE 13.2:libguile17-debuginfo-1.8.8-16.3.1
openSUSE 13.2:libguilereadline-v-17-17-1.8.8-16.3.1
openSUSE 13.2:libguilereadline-v-17-17-debuginfo-1.8.8-16.3.1
low
3.2
AV:L/AC:L/Au:S/C:P/I:P/A:N
Please install the update.
http://lists.opensuse.org/opensuse-updates/2016-10/msg00096.html
https://www.suse.com/security/cve/CVE-2016-8605.html
CVE-2016-8605
https://bugzilla.suse.com/1004221
SUSE Bug 1004221