Medium severity5.3NVD Advisory· Published Jan 12, 2017· Updated Jun 17, 2026
CVE-2016-8605
CVE-2016-8605
Description
The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*
- osv-coords21 versionspkg:rpm/opensuse/guile1&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/guile&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/lilypond&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/guile1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4pkg:rpm/suse/guile1&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/guile1&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4pkg:rpm/suse/guile1&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5pkg:rpm/suse/guile1&distro=SUSE%20Package%20Hub%2015%20SP4pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1pkg:rpm/suse/guile&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/lilypond&distro=SUSE%20Package%20Hub%2015%20SP4
< 2.2.6-bp154.3.3.1+ 20 more
- (no CPE)range: < 2.2.6-bp154.3.3.1
- (no CPE)range: < 2.0.13-2.1
- (no CPE)range: < 2.24.1-bp154.2.3.2
- (no CPE)range: < 1.8.8-16.4.39
- (no CPE)range: < 1.8.8-16.4.39
- (no CPE)range: < 1.8.8-16.4.39
- (no CPE)range: < 1.8.8-16.4.39
- (no CPE)range: < 2.2.6-bp154.3.3.1
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 1.8.5-24.1
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 1.8.5-24.1
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 1.8.5-24.1
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.0.9-8.3
- (no CPE)range: < 2.24.1-bp154.2.3.2
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2016/10/12/1nvdMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/93510nvdThird Party AdvisoryVDB Entry
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QTAGSDCTYXTABAA77BQJGNKOOBRV4DK/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNVE5N24FLWDYBQ3LAFMF6BFCWKDO7VM/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJP5S36GTXMDEBXWF6LKKV76DSLNQG44/nvd
News mentions
0No linked articles in our index yet.