
[SECURITY] [DLA 466-1] ocaml security update




Package        : ocaml
Version        : 3.12.1-4+deb7u1
CVE ID         : CVE-2015-8869

OCaml versions 4.02.3 and earlier have a runtime bug that,
on 64-bit platforms, causes size arguments to an internal
memmove call to be sign-extended from 32 to 64 bits before
being passed to the memmove function.
This causes arguments between 2GiB and 4GiB to be interpreted
as larger than they are (specifically, a bit below 2^64),
causing a buffer overflow.
Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller
than they should be, causing a possible information leak.
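
The length conversion described in the advisory can be modelled in a few
lines of C. This is an added example, not code from the OCaml runtime or
from the advisory; the function names and the sample lengths are
assumptions made for illustration, and the narrowing is written with
explicit arithmetic so that its result is well defined in C.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the conversion in the advisory: the length is narrowed to a
 * signed 32-bit value, then sign-extended to 64 bits. (Hypothetical
 * helper; explicit arithmetic avoids implementation-defined casts.) */
static uint64_t length_seen_by_memmove(uint64_t requested)
{
    uint32_t low = (uint32_t)requested;           /* keep the low 32 bits */
    int64_t widened = (low & 0x80000000u)
        ? (int64_t)low - INT64_C(4294967296)      /* sign bit set: negative */
        : (int64_t)low;
    return (uint64_t)widened;                     /* what a 64-bit size_t holds */
}

enum effect { EXACT, OVERSIZED_COPY, SHORT_COPY };

/* Compare the length the caller asked for with the one memmove receives. */
static enum effect classify(uint64_t requested)
{
    uint64_t seen = length_seen_by_memmove(requested);
    if (seen == requested) return EXACT;
    return seen > requested ? OVERSIZED_COPY : SHORT_COPY;
}

/* Guard: a length survives the narrowing only if it fits in an int32. */
static int safe_to_narrow(uint64_t requested)
{
    return requested <= (uint64_t)INT32_MAX;
}

int main(void)
{
    const uint64_t GiB = UINT64_C(1) << 30;
    const uint64_t samples[] = { 1 * GiB, 3 * GiB, 5 * GiB }; /* constructed */
    static const char *names[] = { "exact", "oversized copy", "short copy" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t n = samples[i];
        printf("requested 0x%016llx -> memmove sees 0x%016llx (%s, guard %s)\n",
               (unsigned long long)n,
               (unsigned long long)length_seen_by_memmove(n),
               names[classify(n)],
               safe_to_narrow(n) ? "passes" : "rejects");
    }
    return 0;
}
```

The 3GiB sample lands in the range the advisory ties to the buffer
overflow, and the 5GiB sample in the range it ties to the information leak.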

