UBUNTU-CVE-2016-8605

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-8605

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-8605.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-8605

Related

CVE-2016-8605

Published

2017-01-12T22:59:00Z

Modified

2024-10-15T14:05:54Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

References

Affected packages

Ubuntu:Pro:16.04:LTS / guile-2.0

Package

Name: guile-2.0
Purl: pkg:deb/ubuntu/guile-2.0?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.0.11+1-9ubuntu1

2.0.11+1-10

2.0.11+1-10ubuntu0.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / guile-1.8

Package

Name: guile-1.8
Purl: pkg:deb/ubuntu/guile-1.8?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.8+1-10ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}