SUSE-SU-2018:0983-1

Опубликовано: 19 апр. 2018

Источник: suse-cvrf

Описание

Security update for ocaml

This update for ocaml fixes the following issues:

CVE-2018-9838: Integer overflows when unmarshaling a bigarray data could result in a bigarray with impossibly large dimensions leading to overflow when computing the in-memory size of the bigarray. [bsc#1088591]

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP3

ocaml-4.03.0-8.3.1

ocaml-compiler-libs-4.03.0-8.3.1

ocaml-rpm-macros-4.03.0-8.3.1

ocaml-runtime-4.03.0-8.3.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20180983-1/
Link for SUSE-SU-2018:0983-1
https://lists.suse.com/pipermail/sle-security-updates/2018-April/003901.html
E-Mail link for SUSE-SU-2018:0983-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1088591
SUSE Bug 1088591
https://www.suse.com/security/cve/CVE-2018-9838/
SUSE CVE CVE-2018-9838 page

Описание

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 12 SP3:ocaml-4.03.0-8.3.1

SUSE Linux Enterprise Software Development Kit 12 SP3:ocaml-compiler-libs-4.03.0-8.3.1

SUSE Linux Enterprise Software Development Kit 12 SP3:ocaml-rpm-macros-4.03.0-8.3.1

SUSE Linux Enterprise Software Development Kit 12 SP3:ocaml-runtime-4.03.0-8.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-9838.html
CVE-2018-9838
https://bugzilla.suse.com/1088591
SUSE Bug 1088591

SUSE-SU-2018:0983-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP3

Ссылки

Уязвимость: CVE-2018-9838

Описание

Затронутые продукты

Ссылки