guile1-1.8.8-19.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10415-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z guile1-1.8.8-19.3 on GA media These are all security issues fixed in the guile1-1.8.8-19.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10415 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-8605/ SUSE CVE CVE-2016-8605 page openSUSE Tumbleweed guile1-1.8.8-19.3 libguile-srfi-srfi-1-v-3-3-1.8.8-19.3 libguile-srfi-srfi-13-14-v-3-3-1.8.8-19.3 libguile-srfi-srfi-4-v-3-3-1.8.8-19.3 libguile-srfi-srfi-60-v-2-2-1.8.8-19.3 libguile1-devel-1.8.8-19.3 libguile17-1.8.8-19.3 libguilereadline-v-17-17-1.8.8-19.3 guile1-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile-srfi-srfi-1-v-3-3-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile-srfi-srfi-13-14-v-3-3-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile-srfi-srfi-4-v-3-3-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile-srfi-srfi-60-v-2-2-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile1-devel-1.8.8-19.3 as a component of openSUSE Tumbleweed libguile17-1.8.8-19.3 as a component of openSUSE Tumbleweed libguilereadline-v-17-17-1.8.8-19.3 as a component of openSUSE Tumbleweed The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. CVE-2016-8605 openSUSE Tumbleweed:guile1-1.8.8-19.3 openSUSE Tumbleweed:libguile-srfi-srfi-1-v-3-3-1.8.8-19.3 openSUSE Tumbleweed:libguile-srfi-srfi-13-14-v-3-3-1.8.8-19.3 openSUSE Tumbleweed:libguile-srfi-srfi-4-v-3-3-1.8.8-19.3 openSUSE Tumbleweed:libguile-srfi-srfi-60-v-2-2-1.8.8-19.3 openSUSE Tumbleweed:libguile1-devel-1.8.8-19.3 openSUSE Tumbleweed:libguile17-1.8.8-19.3 openSUSE Tumbleweed:libguilereadline-v-17-17-1.8.8-19.3 low 3.2 AV:L/AC:L/Au:S/C:P/I:P/A:N 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-8605.html CVE-2016-8605 https://bugzilla.suse.com/1004221 SUSE Bug 1004221