MGASA-2021-0021 - Updated guava packages fix security vulnerability Publication date: 10 Jan 2021 URL: https://advisories.mageia.org/MGASA-2021-0021.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-8908 A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open (CVE-2020-8908). References: - https://bugs.mageia.org/show_bug.cgi?id=27965 - https://bugzilla.redhat.com/show_bug.cgi?id=1906919 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8908 SRPMS: - 7/core/guava-25.0-2.1.mga7