Linux Distros Unpatched Vulnerability : CVE-2016-8606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack. CVE-2016-8606 Note that Nessus reli...

RHEL 7 : guile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - guile: REPL server vulnerable to HTTP inter-protocol attacks CVE-2016-8606 - The mkdir procedure of GNU...

K31130692: GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606

Security Advisory Description CVE-2016-8605 The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

GNU Guile 2.0.12’s REPL server --listen is vulnerable to an HTTP inter-protocol attack that can lead to remote arbitrary code execution when the REPL server is bound to a loopback or private network. Multiple external sources (Arch Linux ASA, Debian security tracker, and F5 advisory) confirm CVE-...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

Fedora Update for guile FEDORA-2016-0aab71f552

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 25 : 5:guile (2016-0aab71f552)

Update to the latest stable release, which fixes CVE-2016-8605 and CVE-2016-8606. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Update for guile FEDORA-2016-a47bf58beb

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : guile (openSUSE-2016-1235)

This update for guile fixes the following issues : - CVE-2016-8606: REPL server vulnerable to HTTP inter-protocol attacks bsc1004226. - CVE-2016-8605: Thread-unsafe umask modification bsc1004221. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

Debian DLA-666-1 : guile-2.0 security update

Several vulnerabilities were discovered in GNU Guile, an implementation of the Scheme programming language. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-8605: The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that...

Fedora 24 : 5:guile (2016-34209c3a8e)

Update to the latest stable release, which fixes CVE-2016-8605 and CVE-2016-8606. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...