Updated guile1.8 packages fix security vulnerabilities
Publication date: 12 Jul 2021Modification date: 12 Jul 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2016-8605
Description
The mkdir procedure of GNU Guile temporarily changed the process' umask to
zero. During that time window, in a multithreaded application, other threads
could end up creating files with insecure permissions. For example, mkdir
without the optional mode argument would create directories as 0777. This is
fixed in Guile 2.0.13. Prior versions are affected (CVE-2016-8605).
References
SRPMS
7/core
- guile1.8-1.8.8-25.1.mga7