Jump to:

CVE-2017-9772

Jump to:

CVE-2017-9772

Package ocaml updated to version 4.07.1-alt1 for branch sisyphus in task 215119.

Published: 2017-06-23
Modified: 2024-11-21

CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

99277
99277
https://caml.inria.fr/mantis/view.php?id=7557
https://caml.inria.fr/mantis/view.php?id=7557
GLSA-201710-07
GLSA-201710-07
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html

Version: 2.1.0

Package ocaml update in sisyphus on 2018-10-20

ALT-PU-2018-2520-1

Closed vulnerabilities

CVE-2017-9772