USN-4778-1: OCaml vulnerabilities
15 March 2021
Several security issues were fixed in ocaml.
Releases
Packages
- ocaml - ML language implementation with a class-based object system
Details
It was discovered that OCaml mishandled sign extensions. A remote attacker
could use this vulnerability to steal sensitive information, cause a denial
of service (crash), or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 ESM. (CVE-2015-8869)
It was discovered that OCaml mishandled crafted input. An attacker could
use this vulnerability to cause a denial of service or possibly execute
arbitrary code. (CVE-2018-9838)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
ocaml-mode
-
4.05.0-10ubuntu1+esm1
Available with Ubuntu Pro
-
ocaml-base-nox
-
4.05.0-10ubuntu1+esm1
Available with Ubuntu Pro
-
ocaml-nox
-
4.05.0-10ubuntu1+esm1
Available with Ubuntu Pro
-
ocaml
-
4.05.0-10ubuntu1+esm1
Available with Ubuntu Pro
-
ocaml-base
-
4.05.0-10ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 16.04
-
ocaml-mode
-
4.02.3-5ubuntu2+esm1
Available with Ubuntu Pro
-
ocaml-base-nox
-
4.02.3-5ubuntu2+esm1
Available with Ubuntu Pro
-
ocaml-nox
-
4.02.3-5ubuntu2+esm1
Available with Ubuntu Pro
-
ocaml
-
4.02.3-5ubuntu2+esm1
Available with Ubuntu Pro
-
ocaml-base
-
4.02.3-5ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 14.04
-
ocaml-mode
-
4.01.0-3ubuntu3.1+esm1
Available with Ubuntu Pro
-
ocaml-base-nox
-
4.01.0-3ubuntu3.1+esm1
Available with Ubuntu Pro
-
ocaml-nox
-
4.01.0-3ubuntu3.1+esm1
Available with Ubuntu Pro
-
ocaml
-
4.01.0-3ubuntu3.1+esm1
Available with Ubuntu Pro
-
ocaml-base
-
4.01.0-3ubuntu3.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3437-1: ocaml, ocaml-source, ocaml-compiler-libs, ocaml-nox, ocaml-interp, camlp4-extra, ocaml-native-compilers, ocaml-base-nox, ocaml-mode, camlp4, ocaml-base