RHEL 7 : guile (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - guile: REPL server vulnerable to HTTP inter-protocol attacks CVE-2016-8606 - The mkdir procedure of GNU...

K31130692: GNU Guile vulnerabilities CVE-2016-8605 and CVE-2016-8606

Security Advisory Description CVE-2016-8605 The mkdir procedure of GNU Guile temporarily changed the process umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode...

SUSE CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

Code injection

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

ALPINE-CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

CVE-2016-8606

Removed by vendor...

CVE-2016-8606

GNU Guile 2.0.12’s REPL server --listen is vulnerable to an HTTP inter-protocol attack that can lead to remote arbitrary code execution when the REPL server is bound to a loopback or private network. Multiple external sources (Arch Linux ASA, Debian security tracker, and F5 advisory) confirm CVE-...

CVE-2016-8606

The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...

openSUSE Security Update : guile (openSUSE-2016-1235)

This update for guile fixes the following issues : - CVE-2016-8606: REPL server vulnerable to HTTP inter-protocol attacks bsc1004226. - CVE-2016-8605: Thread-unsafe umask modification bsc1004221. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

DLA-666-1 guile-2.0 - security update

Bulletin has no description...

CVE-2016-8606

A vulnerability was found in guile's REPL server --listen, making it vulnerable to HTTP inter-protocol attacks. A crafted website, when visited by a developer with an instance of the REPL server, could cause arbitrary code execution within the guile scheme interpreter...