Scientific Linux alert SLSA-2016:1296-1 (ocaml)
From: Kevin Hill <kevinh@fnal.gov>
To: <scientific-linux-errata@listserv.fnal.gov>
Subject: Security ERRATA Moderate: ocaml on SL7.x x86_64
Date: Wed, 6 Jul 2016 21:49:22 +0000
Message-ID: <20160706214922.28928.72715@slpackages.fnal.gov>

Synopsis:          Moderate: ocaml security update
Advisory ID:       SLSA-2016:1296-1
Issue Date:        2016-06-23
CVE Numbers:       CVE-2015-8869
--

Security Fix(es):

* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit
  platforms, causes size arguments to internal memmove calls to be
  sign-extended from 32- to 64-bits before being passed to the memmove
  function. This leads to arguments between 2GiB and 4GiB being interpreted
  as larger than they are (specifically, a bit below 2^64), causing a buffer
  overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB
  smaller than they should be, causing a possible information leak.
  (CVE-2015-8869)
--

SL7
  x86_64
    ocaml-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-camlp4-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-camlp4-devel-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-compiler-libs-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-debuginfo-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-docs-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-emacs-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-labltk-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-labltk-devel-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-ocamldoc-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-runtime-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-source-4.01.0-22.7.el7_2.x86_64.rpm
    ocaml-x11-4.01.0-22.7.el7_2.x86_64.rpm

Additionally, the 7.0 release required the following dependencies already
updated in 7.1 and 7.2:

  x86_64
    brlapi-0.6.0-9.el7.i686.rpm
    brlapi-0.6.0-9.el7.x86_64.rpm
    brlapi-devel-0.6.0-9.el7.i686.rpm
    brlapi-devel-0.6.0-9.el7.x86_64.rpm
    brlapi-java-0.6.0-9.el7.x86_64.rpm
    brltty-4.5-9.el7.x86_64.rpm
    brltty-at-spi-4.5-9.el7.x86_64.rpm
    brltty-docs-4.5-9.el7.noarch.rpm
    brltty-xw-4.5-9.el7.x86_64.rpm
    graphviz-2.30.1-19.el7.i686.rpm
    graphviz-2.30.1-19.el7.x86_64.rpm
    graphviz-devel-2.30.1-19.el7.i686.rpm
    graphviz-devel-2.30.1-19.el7.x86_64.rpm
    graphviz-doc-2.30.1-19.el7.x86_64.rpm
    graphviz-gd-2.30.1-19.el7.i686.rpm
    graphviz-gd-2.30.1-19.el7.x86_64.rpm
    graphviz-graphs-2.30.1-19.el7.x86_64.rpm
    graphviz-guile-2.30.1-19.el7.x86_64.rpm
    graphviz-java-2.30.1-19.el7.x86_64.rpm
    graphviz-lua-2.30.1-19.el7.x86_64.rpm
    graphviz-ocaml-2.30.1-19.el7.x86_64.rpm
    graphviz-perl-2.30.1-19.el7.x86_64.rpm
    graphviz-php-2.30.1-19.el7.x86_64.rpm
    graphviz-python-2.30.1-19.el7.x86_64.rpm
    graphviz-ruby-2.30.1-19.el7.x86_64.rpm
    graphviz-tcl-2.30.1-19.el7.i686.rpm
    graphviz-tcl-2.30.1-19.el7.x86_64.rpm
    hivex-1.3.10-5.7.sl7.i686.rpm
    hivex-1.3.10-5.7.sl7.x86_64.rpm
    hivex-devel-1.3.10-5.7.sl7.i686.rpm
    hivex-devel-1.3.10-5.7.sl7.x86_64.rpm
    ocaml-brlapi-0.6.0-9.el7.x86_64.rpm
    ocaml-calendar-2.03.2-5.el7.x86_64.rpm
    ocaml-calendar-devel-2.03.2-5.el7.x86_64.rpm
    ocaml-csv-1.2.3-6.el7.x86_64.rpm
    ocaml-csv-devel-1.2.3-6.el7.x86_64.rpm
    ocaml-curses-1.0.3-18.el7.x86_64.rpm
    ocaml-curses-devel-1.0.3-18.el7.x86_64.rpm
    ocaml-extlib-1.5.3-5.el7.x86_64.rpm
    ocaml-extlib-devel-1.5.3-5.el7.x86_64.rpm
    ocaml-fileutils-0.4.4-7.el7.x86_64.rpm
    ocaml-fileutils-devel-0.4.4-7.el7.x86_64.rpm
    ocaml-findlib-1.3.3-6.el7.x86_64.rpm
    ocaml-findlib-devel-1.3.3-6.el7.x86_64.rpm
    ocaml-gettext-0.3.4-13.el7.x86_64.rpm
    ocaml-gettext-devel-0.3.4-13.el7.x86_64.rpm
    ocaml-hivex-1.3.10-5.7.sl7.x86_64.rpm
    ocaml-hivex-devel-1.3.10-5.7.sl7.x86_64.rpm
    ocaml-labltk-devel-4.01.0-22.2.el7.x86_64.rpm
    ocaml-libguestfs-devel-1.28.1-1.18.el7.x86_64.rpm
    ocaml-libvirt-0.6.1.2-10.el7.x86_64.rpm
    ocaml-libvirt-devel-0.6.1.2-10.el7.x86_64.rpm
    ocaml-xml-light-2.3-0.6.svn234.el7.x86_64.rpm
    ocaml-xml-light-devel-2.3-0.6.svn234.el7.x86_64.rpm
    perl-hivex-1.3.10-5.7.sl7.x86_64.rpm
    python-brlapi-0.6.0-9.el7.x86_64.rpm
    python-hivex-1.3.10-5.7.sl7.x86_64.rpm
    ruby-hivex-1.3.10-5.7.sl7.x86_64.rpm
    tcl-brlapi-0.6.0-9.el7.x86_64.rpm

- Scientific Linux Development Team
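
The size conversion described under "Security Fix(es)" above can be worked through in C. This is an added example that models only the arithmetic; it is not code from the OCaml runtime or from this advisory. The function names and sample lengths are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define GIB (UINT64_C(1) << 30)

/* Model of the flawed conversion: the 64-bit length is narrowed to a signed
   32-bit value and then sign-extended back to 64 bits before it reaches
   memmove. Written with explicit masks so the behaviour is well-defined C. */
static uint64_t sign_extended_len(uint64_t requested)
{
    uint64_t low32 = requested & UINT64_C(0xFFFFFFFF);
    if (low32 & UINT64_C(0x80000000))          /* bit 31 acts as the sign bit */
        return low32 | UINT64_C(0xFFFFFFFF00000000);
    return low32;
}

enum len_effect { LEN_OK, LEN_TOO_LARGE, LEN_TOO_SMALL };

/* Compare the length memmove would receive with the one the caller asked for. */
static enum len_effect classify_len(uint64_t requested)
{
    uint64_t seen = sign_extended_len(requested);
    if (seen > requested) return LEN_TOO_LARGE; /* copy runs past the buffer */
    if (seen < requested) return LEN_TOO_SMALL; /* fewer bytes moved than asked */
    return LEN_OK;
}

/* Defensive check (hypothetical helper): a length is safe on a signed 32-bit
   size path only if it survives the round trip unchanged. */
static int len_survives_int32(uint64_t requested)
{
    return sign_extended_len(requested) == requested;
}

int main(void)
{
    /* Constructed sample lengths around the boundaries the advisory names. */
    const uint64_t samples[] = { GIB, 2*GIB - 1, 2*GIB, 3*GIB, 4*GIB, 5*GIB };
    static const char *names[] = { "ok", "too large", "too small" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("requested %#018llx -> memmove sees %#018llx (%s)\n",
               (unsigned long long)samples[i],
               (unsigned long long)sign_extended_len(samples[i]),
               names[classify_len(samples[i])]);
    return 0;
}
```

Lengths below 2GiB pass through unchanged, which is why the defect only appears with very large strings or buffers on 64-bit platforms.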
