Advisories » MGASA-2019-0124

Updated ocaml packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9838

Description

The caml_ba_deserialize function in byterun/bigarray.c in the standard
library in OCaml 4.06.0 has an integer overflow which, in situations where
marshalled data is accepted from an untrusted source, allows remote
attackers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via a crafted object. (CVE-2018-9838)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22948
• https://lists.opensuse.org/opensuse-updates/2018-04/msg00070.html
• https://bugzilla.suse.com/show_bug.cgi?id=1088591
• https://lists.opensuse.org/opensuse-updates/2018-06/msg00016.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9838

SRPMS

6/core

• ocaml-4.02.3-6.1.mga6