ASA-201610-10 - log back

ASA-201610-10 created at 25 Sep 2019 19:32:14
+ - CVE-2016-8606 (arbitrary code execution)
+ Bind the REPL server to a Unix-domain socket.
+ guile --listen=/tmp/guile-socket
+ A remote attacker is able to execute arbitrary code via a HTTP inter-protocol attack if the REPL server is listening on a loopback device or private network.
+ Running a multi-threaded guile application can cause directories or files to be created with world readable/writable/executable permissions during a small window which leads to information disclosure.