Scientific Linux Security Update : ocaml on SL7.x x86_64
Medium Nessus Plugin ID 92031
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign- extended from 32- to 64-bits before being passed to the memmove function.
This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. (CVE-2015-8869)
SolutionUpdate the affected packages.