
Scientific Linux: SLSA-2016:1296-1 Moderate: OCaml Buffer Overflow Advisory

Moderate: ocaml security update
Date: Wed, 6 Jul 2016 21:49:22 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Kevin Hill 
Subject: Security ERRATA Moderate: ocaml on SL7.x x86_64
MIME-Version: 1.0
Message-ID: <20160706214922.28928.72715@slpackages.fnal.gov>

Synopsis: Moderate: ocaml security update
Advisory ID: SLSA-2016:1296-1
Issue Date: 2016-06-23
CVE Numbers: CVE-2015-8869
--

Security Fix(es):

* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit
platforms, causes size arguments to internal memmove calls to be sign-
extended from 32- to 64-bits before being passed to the memmove function.
This leads to arguments between 2GiB and 4GiB being interpreted as larger
than they are (specifically, a bit below 2^64), causing a buffer overflow.
Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller
than they should be, causing a possible information leak. (CVE-2015-8869)
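
The arithmetic behind the two ranges described above, as an added example that is not code from the advisory or from the OCaml runtime. The function names, the sample sizes and the `length_is_safe` guard are assumptions made for illustration; the guard is not the upstream patch.

```c
#include <stdint.h>
#include <stdio.h>

#define GIB (1ULL << 30)

enum outcome { LEN_OK, LEN_TOO_LARGE, LEN_TOO_SMALL };

/* Model of the defect: only the low 32 bits of the byte count survive,
   and bit 31 is then treated as a sign bit when widening to 64 bits. */
static uint64_t sign_extended_len(uint64_t requested)
{
    uint64_t low = requested & 0xFFFFFFFFULL;
    if (low & 0x80000000ULL)
        low |= 0xFFFFFFFF00000000ULL;   /* sign extension */
    return low;
}

/* Compare what the caller asked for with what memmove would receive. */
static enum outcome classify(uint64_t requested)
{
    uint64_t effective = sign_extended_len(requested);
    if (effective == requested) return LEN_OK;
    return effective > requested ? LEN_TOO_LARGE : LEN_TOO_SMALL;
}

/* Assumed guard (not the upstream patch): keep the count 64-bit and
   refuse any copy larger than the destination buffer. */
static int length_is_safe(uint64_t requested, uint64_t dst_capacity)
{
    return requested <= dst_capacity;
}

int main(void)
{
    /* Constructed sample sizes covering the ranges in the advisory. */
    const uint64_t samples[] = { 1 * GIB, 3 * GIB, 5 * GIB };
    static const char *names[] = { "ok", "too large (buffer overflow)",
                                   "too small (possible information leak)" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("requested %llu -> memmove sees %llu: %s, fits 4GiB dst: %d\n",
               (unsigned long long)samples[i],
               (unsigned long long)sign_extended_len(samples[i]),
               names[classify(samples[i])],
               length_is_safe(samples[i], 4 * GIB));
    return 0;
}
```

A 3 GiB request becomes 2^64 minus 1 GiB, and a 5 GiB request becomes 1 GiB, which matches the "a bit below 2^64" and "4GiB smaller" cases in the advisory text.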
--

SL7
 x86_64
 ocaml-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-camlp4-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-camlp4-devel-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-compiler-libs-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-debuginfo-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-docs-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-emacs-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-labltk-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-labltk-devel-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-ocamldoc-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-runtime-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-source-4.01.0-22.7.el7_2.x86_64.rpm
 ocaml-x11-4.01.0-22.7.el7_2.x86_64.rpm

Additionally, the 7.0 release required the following dependencies
already updated in 7.1 and 7.2:
 x86_64
 brlapi-0.6.0-9.el7.i686.rpm
 brlapi-0.6.0-9.el7.x86_64.rpm
 brlapi-devel-0.6.0-9.el7.i686.rpm
 brlapi-devel-0.6.0-9.el7.x86_64.rpm
 brlapi-java-0.6.0-9.el7.x86_64.rpm
 brltty-4.5-9.el7.x86_64.rpm
 brltty-at-spi-4.5-9.el7.x86_64.rpm
 brltty-docs-4.5-9.el7.noarch.rpm
 brltty-xw-4.5-9.el7.x86_64.rpm
 graphviz-2.30.1-19.el7.i686.rpm
 graphviz-2.30.1-19.el7.x86_64.rpm
 graphviz-devel-2.30.1-19.el7.i686.rpm
 graphviz-devel-2.30.1-19.el7.x86_64.rpm
 graphviz-doc-2.30.1-19.el7.x86_64.rpm
 graphviz-gd-2.30.1-19.el7.i686.rpm
 graphviz-gd-2.30.1-19.el7.x86_64.rpm
 graphviz-graphs-2.30.1-19.el7.x86_64.rpm
 graphviz-guile-2.30.1-19.el7.x86_64.rpm
 graphviz-java-2.30.1-19.el7.x86_64.rpm
 graphviz-lua-2.30.1-19.el7.x86_64.rpm
 graphviz-ocaml-2.30.1-19.el7.x86_64.rpm
 graphviz-perl-2.30.1-19.el7.x86_64.rpm
 graphviz-php-2.30.1-19.el7.x86_64.rpm
 graphviz-python-2.30.1-19.el7.x86_64.rpm
 graphviz-ruby-2.30.1-19.el7.x86_64.rpm
 graphviz-tcl-2.30.1-19.el7.i686.rpm
 graphviz-tcl-2.30.1-19.el7.x86_64.rpm
 hivex-1.3.10-5.7.sl7.i686.rpm
 hivex-1.3.10-5.7.sl7.x86_64.rpm
 hivex-devel-1.3.10-5.7.sl7.i686.rpm
 hivex-devel-1.3.10-5.7.sl7.x86_64.rpm
 ocaml-brlapi-0.6.0-9.el7.x86_64.rpm
 ocaml-calendar-2.03.2-5.el7.x86_64.rpm
 ocaml-calendar-devel-2.03.2-5.el7.x86_64.rpm
 ocaml-csv-1.2.3-6.el7.x86_64.rpm
 ocaml-csv-devel-1.2.3-6.el7.x86_64.rpm
 ocaml-curses-1.0.3-18.el7.x86_64.rpm
 ocaml-curses-devel-1.0.3-18.el7.x86_64.rpm
 ocaml-extlib-1.5.3-5.el7.x86_64.rpm
 ocaml-extlib-devel-1.5.3-5.el7.x86_64.rpm
 ocaml-fileutils-0.4.4-7.el7.x86_64.rpm
 ocaml-fileutils-devel-0.4.4-7.el7.x86_64.rpm
 ocaml-findlib-1.3.3-6.el7.x86_64.rpm
 ocaml-findlib-devel-1.3.3-6.el7.x86_64.rpm
 ocaml-gettext-0.3.4-13.el7.x86_64.rpm
 ocaml-gettext-devel-0.3.4-13.el7.x86_64.rpm
 ocaml-hivex-1.3.10-5.7.sl7.x86_64.rpm
 ocaml-hivex-devel-1.3.10-5.7.sl7.x86_64.rpm
 ocaml-labltk-devel-4.01.0-22.2.el7.x86_64.rpm
 ocaml-libguestfs-devel-1.28.1-1.18.el7.x86_64.rpm
 ocaml-libvirt-0.6.1.2-10.el7.x86_64.rpm
 ocaml-libvirt-devel-0.6.1.2-10.el7.x86_64.rpm
 ocaml-xml-light-2.3-0.6.svn234.el7.x86_64.rpm
 ocaml-xml-light-devel-2.3-0.6.svn234.el7.x86_64.rpm
 perl-hivex-1.3.10-5.7.sl7.x86_64.rpm
 python-brlapi-0.6.0-9.el7.x86_64.rpm
 python-hivex-1.3.10-5.7.sl7.x86_64.rpm
 ruby-hivex-1.3.10-5.7.sl7.x86_64.rpm
 tcl-brlapi-0.6.0-9.el7.x86_64.rpm

- Scientific Linux Development Team
