CentOS ProjectCESA-2016:1296ocaml security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
89.5%
CentOS Errata and Security Advisory CESA-2016:1296
OCaml is a high-level, strongly-typed, functional, and object-oriented
programming language from the ML family of languages. The ocaml packages
contain two batch compilers (a fast bytecode compiler and an optimizing
native-code compiler), an interactive top level system, parsing tools
(Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and
a comprehensive library.
Security Fix(es):
- OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit
platforms, causes size arguments to internal memmove calls to be
sign-extended from 32- to 64-bits before being passed to the memmove
function. This leads to arguments between 2GiB and 4GiB being interpreted
as larger than they are (specifically, a bit below 2^64), causing a
buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted
as 4GiB smaller than they should be, causing a possible information
leak. (CVE-2015-8869)
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2016-June/084095.html
Affected packages:
ocaml
ocaml-camlp4
ocaml-camlp4-devel
ocaml-compiler-libs
ocaml-docs
ocaml-emacs
ocaml-labltk
ocaml-labltk-devel
ocaml-ocamldoc
ocaml-runtime
ocaml-source
ocaml-x11
Upstream details at:
https://access.redhat.com/errata/RHSA-2016:1296
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 7 | x86_64 | ocaml | < 4.01.0-22.7.el7_2 | ocaml-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-camlp4 | < 4.01.0-22.7.el7_2 | ocaml-camlp4-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-camlp4-devel | < 4.01.0-22.7.el7_2 | ocaml-camlp4-devel-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-compiler-libs | < 4.01.0-22.7.el7_2 | ocaml-compiler-libs-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-docs | < 4.01.0-22.7.el7_2 | ocaml-docs-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-emacs | < 4.01.0-22.7.el7_2 | ocaml-emacs-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-labltk | < 4.01.0-22.7.el7_2 | ocaml-labltk-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-labltk-devel | < 4.01.0-22.7.el7_2 | ocaml-labltk-devel-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-ocamldoc | < 4.01.0-22.7.el7_2 | ocaml-ocamldoc-4.01.0-22.7.el7_2.x86_64.rpm |
| CentOS | 7 | x86_64 | ocaml-runtime | < 4.01.0-22.7.el7_2 | ocaml-runtime-4.01.0-22.7.el7_2.x86_64.rpm |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
89.5%