SUSE-SU-2026:0830-1

Опубликовано: 05 мар. 2026

Источник: suse-cvrf

Описание

Security update for ocaml

This update for ocaml fixes the following issues:

CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992).

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP7

ocaml-4.14.2-150600.3.3.1

ocaml-compiler-libs-4.14.2-150600.3.3.1

ocaml-compiler-libs-devel-4.14.2-150600.3.3.1

ocaml-ocamldoc-4.14.2-150600.3.3.1

ocaml-runtime-4.14.2-150600.3.3.1

SUSE Linux Enterprise Server 15 SP6-LTSS

ocaml-4.14.2-150600.3.3.1

ocaml-compiler-libs-4.14.2-150600.3.3.1

ocaml-compiler-libs-devel-4.14.2-150600.3.3.1

ocaml-ocamldoc-4.14.2-150600.3.3.1

ocaml-runtime-4.14.2-150600.3.3.1

SUSE Linux Enterprise Server for SAP Applications 15 SP6

ocaml-4.14.2-150600.3.3.1

ocaml-compiler-libs-4.14.2-150600.3.3.1

ocaml-compiler-libs-devel-4.14.2-150600.3.3.1

ocaml-ocamldoc-4.14.2-150600.3.3.1

ocaml-runtime-4.14.2-150600.3.3.1

openSUSE Leap 15.6

ocaml-4.14.2-150600.3.3.1

ocaml-compiler-libs-4.14.2-150600.3.3.1

ocaml-compiler-libs-devel-4.14.2-150600.3.3.1

ocaml-ocamldoc-4.14.2-150600.3.3.1

ocaml-runtime-4.14.2-150600.3.3.1

ocaml-source-4.14.2-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260830-1/
Link for SUSE-SU-2026:0830-1
https://lists.suse.com/pipermail/sle-security-updates/2026-March/024629.html
E-Mail link for SUSE-SU-2026:0830-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1258992
SUSE Bug 1258992
https://www.suse.com/security/cve/CVE-2026-28364/
SUSE CVE CVE-2026-28364 page

Описание

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Затронутые продукты

SUSE Linux Enterprise Module for Development Tools 15 SP7:ocaml-4.14.2-150600.3.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP7:ocaml-compiler-libs-4.14.2-150600.3.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP7:ocaml-compiler-libs-devel-4.14.2-150600.3.3.1

SUSE Linux Enterprise Module for Development Tools 15 SP7:ocaml-ocamldoc-4.14.2-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-28364.html
CVE-2026-28364
https://bugzilla.suse.com/1258992
SUSE Bug 1258992

SUSE-SU-2026:0830-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Development Tools 15 SP7

SUSE Linux Enterprise Server 15 SP6-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2026-28364

Описание

Затронутые продукты

Ссылки