Advisories ยป MGASA-2019-0124

Updated ocaml packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-9838

Description

The caml_ba_deserialize function in byterun/bigarray.c in the standard
library in OCaml 4.06.0 has an integer overflow which, in situations where
marshalled data is accepted from an untrusted source, allows remote
attackers to cause a denial of service (memory corruption) or possibly
execute arbitrary code via a crafted object. (CVE-2018-9838)
                

References

SRPMS

6/core