2 matches found
CVE-2016-8606
The REPL server in GNU Guile 2.0.12 (started with --listen) is vulnerable to an HTTP inter-protocol attack that can lead to remote arbitrary code execution when the REPL server is bound to a loopback or private network. Multiple external sources (Arch Linux ASA, Debian security tracker, and F5 advisory) confirm CVE-...
CVE-2016-8605
CVE-2016-8605 affects GNU Guile versions prior to 2.0.13: the mkdir path temporarily changes the process umask to 0, so a race in multithreaded applications can cause files to be created with insecure permissions (e.g., 0777). Remediation is upgrading to Guile 2.0.13 or later. Related CVE-2016-...