
ocaml: information leak

Package(s): ocaml
CVE #(s): CVE-2015-8869
Created: May 12, 2016
Updated: February 21, 2017
Description: From the Debian-LTS advisory:

OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to an internal memmove call to be sign-extended from 32 to 64 bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak.
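
The arithmetic behind both ranges in the description, as an added C example (not code from the advisory or from the OCaml runtime). The function names and sample lengths are constructed for illustration, and the guard shown is one possible check, not the upstream fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GIB ((uint64_t)1 << 30)

/* Model of the defect: a 64-bit length is stored in a 32-bit signed
 * integer, then sign-extended back to 64 bits before reaching memmove.
 * Returns the size memmove would actually receive. */
uint64_t size_seen_by_memmove(uint64_t requested)
{
    uint32_t low = (uint32_t)requested;        /* upper 32 bits are dropped */
    int32_t narrowed;
    memcpy(&narrowed, &low, sizeof narrowed);  /* reinterpret as signed */
    return (uint64_t)(int64_t)narrowed;        /* sign extension to 64 bits */
}

/* Hardened form (assumed, hypothetical helper): refuse any length that a
 * signed 32-bit value cannot hold instead of letting it wrap.
 * Returns 1 when narrowing is lossless, 0 otherwise. */
int length_fits_int32(uint64_t requested)
{
    return requested <= (uint64_t)INT32_MAX;
}

int main(void)
{
    /* Constructed sample lengths, one per range named in the advisory. */
    uint64_t samples[] = { 1 * GIB, 3 * GIB, 5 * GIB };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t seen = size_seen_by_memmove(samples[i]);
        printf("requested %20llu  memmove sees %20llu  guard %s\n",
               (unsigned long long)samples[i], (unsigned long long)seen,
               length_fits_int32(samples[i]) ? "accepts" : "rejects");
    }
    return 0;
}
```

A 3GiB request comes out as 2^64 minus 1GiB (the overflow case), while a 5GiB request comes out as 1GiB (the case where 4GiB of the data is silently skipped).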

Alerts:
Oracle ELSA-2016-2576 libguestfs 2016-11-10
Red Hat RHSA-2016:2576-02 libguestfs and virt-p2v 2016-11-03
Arch Linux ASA-201610-17 ocaml 2016-10-24
Gentoo 201702-15 ocaml 2017-02-21
openSUSE openSUSE-SU-2016:2273-1 ocaml 2016-09-09
Scientific Linux SLSA-2016:1296-1 ocaml 2016-07-06
Oracle ELSA-2016-1296 ocaml 2016-06-23
CentOS CESA-2016:1296 ocaml 2016-06-23
Red Hat RHSA-2016:1296-01 ocaml 2016-06-23
openSUSE openSUSE-SU-2016:1335-1 ocaml 2016-05-18
Fedora FEDORA-2016-78ad11154f ocaml 2016-05-15
Debian-LTS DLA-466-1 ocaml 2016-05-11
Scientific Linux SLSA-2016:2576-2 libguestfs and virt-p2v 2016-12-14



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds