Security update for guile SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0482-1 Final 1 1 2017-02-16T20:51:36Z current 2017-02-16T20:51:36Z 2017-02-16T20:51:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for guile This update for guile fixes the following issues: - CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-02/msg00070.html E-Mail link for openSUSE-SU-2017:0482-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 guile-2.0.9-8.1 guile-devel-2.0.9-8.1 guile-modules-2_0-2.0.9-8.1 libguile-2_0-22-2.0.9-8.1 libguilereadline-v-18-18-2.0.9-8.1 guile-2.0.9-8.1 as a component of openSUSE Leap 42.1 guile-devel-2.0.9-8.1 as a component of openSUSE Leap 42.1 guile-modules-2_0-2.0.9-8.1 as a component of openSUSE Leap 42.1 libguile-2_0-22-2.0.9-8.1 as a component of openSUSE Leap 42.1 libguilereadline-v-18-18-2.0.9-8.1 as a component of openSUSE Leap 42.1 guile-2.0.9-8.1 as a component of openSUSE Leap 42.2 guile-devel-2.0.9-8.1 as a component of openSUSE Leap 42.2 guile-modules-2_0-2.0.9-8.1 as a component of openSUSE Leap 42.2 libguile-2_0-22-2.0.9-8.1 as a component of openSUSE Leap 42.2 libguilereadline-v-18-18-2.0.9-8.1 as a component of openSUSE Leap 42.2 The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected. CVE-2016-8605 openSUSE Leap 42.1:guile-2.0.9-8.1 openSUSE Leap 42.1:guile-devel-2.0.9-8.1 openSUSE Leap 42.1:guile-modules-2_0-2.0.9-8.1 openSUSE Leap 42.1:libguile-2_0-22-2.0.9-8.1 openSUSE Leap 42.1:libguilereadline-v-18-18-2.0.9-8.1 openSUSE Leap 42.2:guile-2.0.9-8.1 openSUSE Leap 42.2:guile-devel-2.0.9-8.1 openSUSE Leap 42.2:guile-modules-2_0-2.0.9-8.1 openSUSE Leap 42.2:libguile-2_0-22-2.0.9-8.1 openSUSE Leap 42.2:libguilereadline-v-18-18-2.0.9-8.1 low 3.2 AV:L/AC:L/Au:S/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00070.html https://www.suse.com/security/cve/CVE-2016-8605.html CVE-2016-8605 https://bugzilla.suse.com/1004221 SUSE Bug 1004221