Oxenstored 32->31 bit integer truncation issues

ISSUE DESCRIPTION Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates...

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...

CVE-2022-42324

CVE-2022-42324 details a 32-bit OCaml truncation issue in Oxenstored within the Xen/Xenstore/Xenbus stack. The Xenbus library casts a C uint32_t from the ring directly to an OCaml integer; on 64-bit OCaml this is fine, but on 32-bit builds the value is truncated, causing unsigned/signed confusion...

CVE-2022-42324

Oxenstored 32-31 bit integer truncation issues Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most...

Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2022-2616)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP3 : java-1.8.0-openjdk (EulerOS-SA-2022-2617)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported...

Security Bulletin: Vulnerability found in Apache Xalan Java XSLT library may affect IBM Enterprise Records

Summary IBM Enterprise Records may be affected by vulnerability found in Apache Xalan Java XSLT library. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncatio...

Debian: Security Advisory (DSA-5256-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian dla-3155 : libbcel-java - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3155 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3155-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DLA-3155-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-5256-1 : bcel - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5256 advisory. The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files...

[SECURITY] [DLA 3155-1] bcel security update

Debian LTS Advisory DLA-3155-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 18, 2022 https://wiki.debian.org/LTS Package : bcel Version : 6.2-1+deb10u1 CVE ID : CVE-2022-34169 Debian Bug : 1015860 The Apache Xalan Java XSLT library is vulnerable to an...

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2022-2465)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP8 : java-1.8.0-openjdk (EulerOS-SA-2022-2465)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

EulerOS 2.0 SP5 : java-1.8.0-openjdk (EulerOS-SA-2022-2440)

According to the versions of the java-1.8.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

OESA-2022-1977 bcel security update

The Byte Code Engineering Library formerly known as JavaClass is intended to give users a convenient possibility to analyze, create, and manipulate binary Java class files those ending with .class. Security Fixes: The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue whe...

Security Bulletin: Multiple vulnerabilities in IBM Semeru Runtime affect z/Transaction Processing Facility

Summary There are multiple vulnerabilities in IBM® Semeru Runtime Certified Edition 11 that is used by the z/TPF system. z/TPF has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute...

Amazon Linux 2 : java-1.8.0-openjdk (ALAS-2022-1836)

The version of java-1.8.0-openjdk installed on the remote host is prior to 1.8.0.342.b07-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1836 advisory. Generated code produced by C1 may leak a package-private class to a class from a different package...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2022:3152-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3152-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

SUSE-SU-2022:3152-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Note: the issues listed below were NOT fixed with the previous update 8.0-7.11. - Update to Java 8.0 Service Refresh 7 Fix Pack 15 bsc1202427: - CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java XSLT library that occurred...