VDB

GCVE-110-MAGEIA-2016-354

GCVE-110-MAGEIA-2016-354
Advisory Published
Vulnetix · Advisory published October 23, 2016
The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions (CVE-2016-8605). GNU Guile, an implementation of the Scheme language, provides a “REPL server” which is a command prompt that developers can connect to for live coding and debugging purposes. The REPL server is vulnerable to the HTTP inter-protocol attack. This constitutes a remote code execution vulnerability for developers running a REPL server that listens on a loopback device or private network (CVE-2016-8606). The guile package has been updated to version 2.0.13, fixing these issues and other bugs. See the upstream release announcements for details.

Affected Products

VendorProductVersionsPlatforms
Mageiaguile2.0.13-1.mga5 (unaffected), 0 (affected)

Browse GCVE Records

73,161 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›