Package ocaml updated to version 4.04.2-alt1.M80P.1 for branch p8 in task 185295.

Published: 2017-06-23
Modified: 2024-11-21

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

99277
99277
https://caml.inria.fr/mantis/view.php?id=7557
https://caml.inria.fr/mantis/view.php?id=7557
GLSA-201710-07
GLSA-201710-07
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html

Published: 2017-09-07
Modified: 2024-11-21

CVE-2017-9779

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

https://caml.inria.fr/mantis/view.php?id=7557
https://caml.inria.fr/mantis/view.php?id=7557
[caml-list] 20170623 OCaml release 4.04.2
[caml-list] 20170623 OCaml release 4.04.2

Version: 2.1.0

Package ocaml update in p8 on 2017-07-12

ALT-PU-2017-1853-1

Closed vulnerabilities

CVE-2017-9772

CVE-2017-9779