Security update for ocaml SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:1561-1 Final 1 1 2018-06-06T06:07:34Z current 2018-06-06T06:07:34Z 2018-06-06T06:07:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ocaml This update for ocaml fixes the following issues: - CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in the standard library had an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. [bsc#1088591] This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00006.html E-Mail link for openSUSE-SU-2018:1561-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 ocaml-4.03.0-4.6.1 ocaml-compiler-libs-4.03.0-4.6.1 ocaml-compiler-libs-devel-4.03.0-4.6.1 ocaml-docs-4.03.0-4.6.1 ocaml-emacs-4.03.0-4.6.1 ocaml-ocamldoc-4.03.0-4.6.1 ocaml-rpm-macros-4.03.0-4.6.1 ocaml-runtime-4.03.0-4.6.1 ocaml-source-4.03.0-4.6.1 ocaml-x11-4.03.0-4.6.1 ocaml-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-compiler-libs-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-compiler-libs-devel-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-docs-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-emacs-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-ocamldoc-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-rpm-macros-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-runtime-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-source-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 ocaml-x11-4.03.0-4.6.1 as a component of openSUSE Leap 42.3 The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. CVE-2018-9838 openSUSE Leap 42.3:ocaml-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-compiler-libs-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-compiler-libs-devel-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-docs-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-emacs-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-ocamldoc-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-rpm-macros-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-runtime-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-source-4.03.0-4.6.1 openSUSE Leap 42.3:ocaml-x11-4.03.0-4.6.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-06/msg00006.html https://www.suse.com/security/cve/CVE-2018-9838.html CVE-2018-9838 https://bugzilla.suse.com/1088591 SUSE Bug 1088591