Описание
Security update for guile
This update for guile fixes the following issues:
- CVE-2016-8605: Fixed thread-unsafe umask modification (bsc#1004221).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Desktop 12 SP2
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Server 12 SP1
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Server 12 SP2
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Server for SAP Applications 12 SP1
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Server for SAP Applications 12 SP2
guile-2.0.9-8.3
guile-modules-2_0-2.0.9-8.3
libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Software Development Kit 12 SP1
guile-devel-2.0.9-8.3
libguilereadline-v-18-18-2.0.9-8.3
SUSE Linux Enterprise Software Development Kit 12 SP2
guile-devel-2.0.9-8.3
libguilereadline-v-18-18-2.0.9-8.3
Ссылки
- Link for SUSE-SU-2017:0398-1
- E-Mail link for SUSE-SU-2017:0398-1
- SUSE Security Ratings
- SUSE Bug 1004221
- SUSE CVE CVE-2016-8605 page
Описание
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:guile-2.0.9-8.3
SUSE Linux Enterprise Desktop 12 SP1:guile-modules-2_0-2.0.9-8.3
SUSE Linux Enterprise Desktop 12 SP1:libguile-2_0-22-2.0.9-8.3
SUSE Linux Enterprise Desktop 12 SP2:guile-2.0.9-8.3
Ссылки
- CVE-2016-8605
- SUSE Bug 1004221