GCVE-VVD-MAGEIA-2021-340 — Vulnetix

GCVE-VVD-MAGEIA-2021-340

Advisory Published

Vulnetix · Advisory published July 12, 2021

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected (CVE-2016-8605).

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	guile1.8	0 (affected), 1.8.8-25.1.mga7 (unaffected)	—

Aliases

Transitive aliases

OPENSUSE-SU-2024:10415-1 EUVD-2016-9453 VVD-MAGEIA-2016-354 SUSE-SU-2020:1659-1 EUVD-2016-9452 CNVD-2016-09852 OPENSUSE-SU-2024:10389-1 SUSE-SU-2017:0394-1 GHSA-jxp8-7966-cm98 CVE-2016-8606 GHSA-vqrx-mf37-8x6h GSD-2016-8605 SUSE-SU-2017:0398-1

References

Updated guile1.8 packages fix security vulnerabilities

advisory

Updated guile1.8 packages fix security vulnerabilities

issue

Updated guile1.8 packages fix security vulnerabilities

issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON

$ Console Community · 100/wk Open console ›