Описание
Security update for guile
This update for guile fixes the following issues:
- CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
guile-1.8.5-24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
guile-1.8.5-24.1
SUSE Linux Enterprise Software Development Kit 11 SP4
guile-devel-1.8.5-24.1
Ссылки
- Link for SUSE-SU-2017:0394-1
- E-Mail link for SUSE-SU-2017:0394-1
- SUSE Security Ratings
- SUSE Bug 1004221
- SUSE CVE CVE-2016-8605 page
Описание
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:guile-1.8.5-24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:guile-1.8.5-24.1
SUSE Linux Enterprise Software Development Kit 11 SP4:guile-devel-1.8.5-24.1
Ссылки
- CVE-2016-8605
- SUSE Bug 1004221