Ubuntu Security Notice 3437-1 - Radek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code.
4fc5d9593a2242ea01f057e6a7a61b13baf8fe1bbacd8ed9d2123f3ac61c271dRed Hat Security Advisory 2017-0565-01 - OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.
7ec4a04c9b22cf05a24b055ff0a915044b74d928cafb2a5b4923b92b7dfdb68bRed Hat Security Advisory 2017-0564-01 - The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.
13e2ecc8a13af222de17972b009f4a313cce49b6e9f9523c18baa3b620443535Gentoo Linux Security Advisory 201702-15 - A buffer overflow in OCaml might allow remote attackers to obtain sensitive information or crash an OCaml-based application. Versions less than 4.04.0 are affected.
b0259060731221edc06671887f9874d175c18832ea421ad44004f92f9b043b66Red Hat Security Advisory 2016-2576-02 - The libguestfs packages contain a library, which is used for accessing and modifying virtual machine disk images. Virt-p2v is a tool for conversion of a physical server to a virtual guest. The following packages have been upgraded to a newer upstream version: libguestfs, virt-p2v. Security Fix: An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.
37eabece8dccd116651740c428db2fd23a7c4d2a71a0ff1de84a700f8bfb65eeRed Hat Security Advisory 2016-1296-01 - OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers, an interactive top level system, parsing tools, a replay debugger, a documentation generator, and a comprehensive library. Security Fix: OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are, causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak.
65a6a453296687f548fd82a2111f0e0bf5d24226b44b64a220454e43448dd1cc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed