What Are You Looking For?

Sign Up
   SUSE Security Update: Security update for ocaml
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:1493-1
Rating:             important
References:         #1088591 
Cross-References:   CVE-2018-9838
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ocaml fixes the following issues:

   - CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in
     the standard library had an integer overflow which, in situations where
     marshalled data is accepted from an untrusted source, allows remote
     attackers to cause a denial of service (memory corruption) or possibly
     execute arbitrary code via a crafted object. [bsc#1088591]


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP3:

      zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1019=1



Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64):

      ocaml-4.03.0-8.6.8
      ocaml-compiler-libs-4.03.0-8.6.8
      ocaml-debuginfo-4.03.0-8.6.8
      ocaml-debugsource-4.03.0-8.6.8
      ocaml-rpm-macros-4.03.0-8.6.8
      ocaml-runtime-4.03.0-8.6.8
      ocaml-runtime-debuginfo-4.03.0-8.6.8


References:

   https://www.suse.com/security/cve/CVE-2018-9838.html
   https://bugzilla.suse.com/1088591

SUSE: 2018:1493-1 important: ocaml

June 4, 2018
An update that fixes one vulnerability is now available

Summary

This update for ocaml fixes the following issues: - CVE-2018-9838: The caml_ba_deserialize function in byterun/bigarray.c in the standard library had an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. [bsc#1088591] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1019=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP3 (aarch64 ppc64le s390x x86_64): ocaml-4.03.0-8.6.8 ocaml-compiler-libs-4.03.0-8.6.8 ocaml-debuginfo-4.03.0-8.6.8 ocaml-debugsource-4.03.0-8.6.8 ocaml-rpm-macros-4.03.0-8.6.8 ocaml-runtime-4.03.0-8.6.8 ocaml-runtime-debuginfo-4.03.0-8.6.8

References

#1088591

Cross- CVE-2018-9838

Affected Products:

SUSE Linux Enterprise Software Development Kit 12-SP3

https://www.suse.com/security/cve/CVE-2018-9838.html

https://bugzilla.suse.com/1088591

Severity
Announcement ID: SUSE-SU-2018:1493-1
Rating: important

Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover

Dec 7, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo