{"id": "USN-3437-1", "bulletinFamily": "unix", "title": "OCaml vulnerability", "description": "Radek Micek discovered that OCaml incorrectly handled sign extensions. A \nremote attacker could use this issue to cause applications using OCaml to \ncrash, to possibly obtain sensitive information, or to possibly execute \narbitrary code.", "published": "2017-10-03T00:00:00", "modified": "2017-10-03T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "href": "https://ubuntu.com/security/notices/USN-3437-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2015-8869"], "cvelist": ["CVE-2015-8869"], "type": "ubuntu", "lastseen": "2020-07-02T11:44:15", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-8869"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310808351", "OPENVAS:1361412562310843321", "OPENVAS:1361412562310882514", "OPENVAS:1361412562310871787", "OPENVAS:1361412562310871689", "OPENVAS:1361412562311220171061", "OPENVAS:1361412562310808011"]}, {"type": "redhat", "idList": ["RHSA-2016:1296", "RHSA-2017:0565", "RHSA-2017:0564", "RHSA-2016:2576"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0565", "ELSA-2017-0564", "ELSA-2016-2576", "ELSA-2016-1296"]}, {"type": "debian", "idList": ["DEBIAN:DLA-466-1:AC67D"]}, {"type": "freebsd", "idList": ["8D2AF843-7D8E-11E9-8464-C85B76CE9B5A"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_8D2AF8437D8E11E98464C85B76CE9B5A.NASL", "SL_20160623_OCAML_ON_SL7_X.NASL", "GENTOO_GLSA-201702-15.NASL", "SL_20170321_LIBGUESTFS_ON_SL6_X.NASL", "REDHAT-RHSA-2017-0565.NASL", "REDHAT-RHSA-2016-2576.NASL", "CENTOS_RHSA-2017-0565.NASL", "CENTOS_RHSA-2017-0564.NASL", "ORACLELINUX_ELSA-2017-0565.NASL", "FEDORA_2016-1C4E616564.NASL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:A457A82D50C24C5905C75B59D7635065"]}, {"type": "centos", "idList": ["CESA-2016:2576", "CESA-2017:0564", "CESA-2016:1296", "CESA-2017:0565"]}, {"type": "archlinux", "idList": ["ASA-201610-17"]}, {"type": "fedora", "idList": ["FEDORA:502E66230056", "FEDORA:639C26087A08"]}, {"type": "gentoo", "idList": ["GLSA-201702-15"]}], "modified": "2020-07-02T11:44:15", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2020-07-02T11:44:15", "rev": 2}, "vulnersScore": 7.0}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "14.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "ocaml", "packageVersion": "4.01.0-3ubuntu3.1"}], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:21:31", "description": "OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.", "edition": 6, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 9.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2016-06-13T19:59:00", "title": "CVE-2015-8869", "type": "cve", "cwe": ["CWE-119", "CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8869"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:ocaml:ocaml:4.02.3", "cpe:/o:opensuse:opensuse:13.2", "cpe:/o:fedoraproject:fedora:24"], "id": "CVE-2015-8869", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8869", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:a:ocaml:ocaml:4.02.3:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"]}], "centos": [{"lastseen": "2019-12-20T18:26:39", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0565\n\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive top level system, parsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and a comprehensive library.\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003864.html\n\n**Affected packages:**\nocaml\nocaml-camlp4\nocaml-camlp4-devel\nocaml-docs\nocaml-emacs\nocaml-labltk\nocaml-labltk-devel\nocaml-ocamldoc\nocaml-runtime\nocaml-source\nocaml-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0565.html", "edition": 3, "modified": "2017-03-24T15:38:23", "published": "2017-03-24T15:38:23", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003864.html", "id": "CESA-2017:0565", "title": "ocaml security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-12-20T18:28:42", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "**CentOS Errata and Security Advisory** CESA-2016:2576\n\n\nThe libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.\n\nVirt-p2v is a tool for conversion of a physical server to a virtual guest.\n\nThe following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2016-November/003611.html\n\n**Affected packages:**\nlibguestfs\nlibguestfs-bash-completion\nlibguestfs-devel\nlibguestfs-gfs2\nlibguestfs-gobject\nlibguestfs-gobject-devel\nlibguestfs-gobject-doc\nlibguestfs-inspect-icons\nlibguestfs-java\nlibguestfs-java-devel\nlibguestfs-javadoc\nlibguestfs-man-pages-ja\nlibguestfs-man-pages-uk\nlibguestfs-rescue\nlibguestfs-rsync\nlibguestfs-tools\nlibguestfs-tools-c\nlibguestfs-xfs\nlua-guestfs\nocaml-libguestfs\nocaml-libguestfs-devel\nperl-Sys-Guestfs\npython-libguestfs\nruby-libguestfs\nvirt-dib\nvirt-v2v\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-2576.html", "edition": 3, "modified": "2016-11-25T15:59:11", "published": "2016-11-25T15:59:11", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2016-November/003611.html", "id": "CESA-2016:2576", "title": "libguestfs, lua, ocaml, perl, python, ruby, virt security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-12-20T18:28:23", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "**CentOS Errata and Security Advisory** CESA-2016:1296\n\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml packages\ncontain two batch compilers (a fast bytecode compiler and an optimizing\nnative-code compiler), an interactive top level system, parsing tools\n(Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and\na comprehensive library.\n\nSecurity Fix(es):\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being interpreted\nas larger than they are (specifically, a bit below 2^64), causing a\nbuffer overflow. Further, arguments between 4GiB and 6GiB are interpreted\nas 4GiB smaller than they should be, causing a possible information\nleak. (CVE-2015-8869)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2016-June/033971.html\n\n**Affected packages:**\nocaml\nocaml-camlp4\nocaml-camlp4-devel\nocaml-compiler-libs\nocaml-docs\nocaml-emacs\nocaml-labltk\nocaml-labltk-devel\nocaml-ocamldoc\nocaml-runtime\nocaml-source\nocaml-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2016-1296.html", "edition": 3, "modified": "2016-06-23T23:41:43", "published": "2016-06-23T23:41:43", "href": "http://lists.centos.org/pipermail/centos-announce/2016-June/033971.html", "id": "CESA-2016:1296", "title": "ocaml security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-12-20T18:29:02", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "**CentOS Errata and Security Advisory** CESA-2017:0564\n\n\nThe libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003822.html\n\n**Affected packages:**\nlibguestfs\nlibguestfs-devel\nlibguestfs-java\nlibguestfs-java-devel\nlibguestfs-javadoc\nlibguestfs-tools\nlibguestfs-tools-c\nocaml-libguestfs\nocaml-libguestfs-devel\nperl-Sys-Guestfs\npython-libguestfs\nruby-libguestfs\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0564.html", "edition": 3, "modified": "2017-03-24T15:35:07", "published": "2017-03-24T15:35:07", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003822.html", "id": "CESA-2017:0564", "title": "libguestfs, ocaml, perl, python, ruby security update", "type": "centos", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-10-22T17:10:58", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "[4.01.0-22.7]\n- Fix buffer overflow and information leak CVE-2015-8869\n resolves: rhbz#1343100", "edition": 5, "modified": "2016-06-23T00:00:00", "published": "2016-06-23T00:00:00", "id": "ELSA-2016-1296", "href": "http://linux.oracle.com/errata/ELSA-2016-1296.html", "title": "ocaml security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "[1:1.20.11-20]\n- inspection: fix detection of /usr in separate partition\n resolves: rhbz#1388407\n[1:1.20.11-19]\n- libguestfs-java: bump the java Require to >= 1.7.0, matching the\n Build-Require, and the generated bytecode\n resolves: rhbz#1319086\n[1:1.20.11-18]\n- Fix buffer overflow and information leak CVE-2015-8869\n resolves: rhbz#1343103", "edition": 4, "modified": "2017-03-27T00:00:00", "published": "2017-03-27T00:00:00", "id": "ELSA-2017-0564", "href": "http://linux.oracle.com/errata/ELSA-2017-0564.html", "title": "libguestfs security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:35", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "[3.11.2-5]\n- Enable execshield stack protection on ppc/ppc64 (572826)\n related: rhbz#1343082\n- Fix strict-aliasing warnings in build (990540).\n[3.11.2-3]\n- Fix buffer overflow and information leak CVE-2015-8869\n resolves: rhbz#1343082", "edition": 4, "modified": "2017-03-27T00:00:00", "published": "2017-03-27T00:00:00", "id": "ELSA-2017-0565", "href": "http://linux.oracle.com/errata/ELSA-2017-0565.html", "title": "ocaml security update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:36:38", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "libguestfs\n[1:1.32.7-3]\n- Rebase to libguestfs 1.32 in RHEL 7.3\n resolves: rhbz#1218766\n- The full tests are now run after the package has been built.\n- New tool and subpackage: virt-dib (safe diskimage-builder replacement).\n- New subpackage libguestfs-inspect-icons to reduce dependencies of main pkg\n (see https://bugzilla.redhat.com/1194158).\n- New tool: virt-get-kernel.\n- Depend on java-headless instead of full java.\n- New tool: virt-v2v-copy-to-local.\n- Disable virt-v2v subpackage on ppc64 etc\n resolves: rhbz#1287826\n- v2v: Remove VirtualBox Additions correctly\n resolves: rhbz#1296606\n- Add clearer warnings sections to all man pages\n resolves: rhbz#1293527\n- v2v: Disable the --in-place option.\n- v2v: Support conversion of Windows > 7\n resolves: rhbz#1190669\n- Add code to verify tarball signatures.\n- General performance improvements.\n- v2v: Prevent duplicate -b, -n, -oa options\n resolves: rhbz#1326266\n resolves: rhbz#1325825\n- v2v: Unquote UUID and LABEL in fstab (util-linux 1335671)\n- v2v: Fix alignment issues in treeviews in conversion dialog\n resolves: rhbz#1340407\n- p2v: spinner should be hidden when it stops spinning\n resolves: rhbz#1341564\n- p2v: ethtool command is not supported on p2v client\n resolves: rhbz#1341608\n- p2v: Add ifconfig command to ISO\n resolves: rhbz#1342447\n- p2v: Warn if virt-p2v-make-disk used on a partition\n resolves: rhbz#1342337\n- Build using OCaml with fix for CVE-2015-8869.\n resolves: rhbz#1343101\n- customize: Add --uninstall option (upstream 1343375)\n- p2v: Document permissions on id_rsa file\n resolves: rhbz#1343414\n- p2v: Print full curl error message\n resolves: rhbz#1343423\n- get-kernel: Fix --format auto\n resolves: rhbz#1341984\n- v2v: Provide better \n information to RHEV-M\n resolves: rhbz#1342398\n- customize: Give an error if --truncate-recursive path does not exist\n resolves: rhbz#1345809\n- sysprep: Add --network option so that --install option can be used\n resolves: rhbz#1345813\n- p2v: Print proper error if incorrect password is given\n resolves: rhbz#1227599\n- p2v: Print ssh error if incorrect hostname is given\n resolves: rhbz#1167916\n- p2v: Display progress of operation in non-GUI mode\n resolves: rhbz#1229386\n- p2v: Add a dialog confirming the user really means to cancel\n resolves: rhbz#1340464\n- p2v: log window should process colour escapes and backspaces\n resolves: rhbz#1314244\n- v2v: Fix installation of virtio drivers with *.dll files\n resolves: rhbz#1311373\n- p2v: Improve error message when ssh login to conversion server fails\n resolves: rhbz#1348900\n- v2v: Remove --dcpath parameter from manual\n resolves: rhbz#1315237\n- v2v: Fix conversion of guests with floppy drives\n resolves: rhbz#1309706\n- p2v: Better error when sudo requires a password\n resolves: rhbz#1340809\n- v2v: Refuse to convert if there is < 1GB free in temporary directory\n resolves: rhbz#1316479\n- inspection: Get Windows drive letters for GPT disks\n resolves: rhbz#1349237\n- p2v: Add disk utils and display serial number of disks\n resolves: rhbz#855058\n- p2v: Fix timeout error when connecting to unresponsive ssh server\n resolves: rhbz#1350363\n- Remove external dependency generator. Use supermin RPM deps instead.\n related: rhbz#1309796\n- p2v: Flush messages to the journal immediately\n resolves: rhbz#1229386\n- customize: Fix --install on ppc64le\n resolves: rhbz#1264835\n- lib: Fix finding icons in Windows 7 64 bit guests\n resolevs: rhbz#1352761\n- v2v: Add virsh --quiet flag when running virt-v2v --quiet\n resolves: rhbz#1358142\n- lib: Fix inspection of ISOs with latest libosinfo\n resolves: rhbz#1359652\n- dib: Fix run_command exit handlers on failure\n resolves: rhbz#1362357\n- dib: Rework run of extra-data.d hooks\n resolves: rhbz#1362354\n- Miscellaneous fixes to man pages and --help output\n resolves: rhbz#1362668\n- lib: Specify backing format for read-only files\n resolves: rhbz#1354335\n- Fix --selinux-relabel option\n resolves: rhbz#1362669\n- sparsify: Fix --in-place option with UEFI guest\n resolves: rhbz#1364347\n- p2v: Use latest linux-firmware in ISO\n resolves: rhbz#1364419\n- v2v: Fix guest name when using -i disk\n resolves: rhbz#1365005\n- p2v: Fix GUI message.\n- v2v: Make fstrim message clearer\n resolves: rhbz#1366456\n- v2v: Fix conversion of UEFI guests when Secure Boot OVMF installed\n resolves: rhbz#1367615\n- lib: Fix assert-fail if port is missing in libvirt XML\n resolves: rhbz#1370424", "edition": 4, "modified": "2016-11-09T00:00:00", "published": "2016-11-09T00:00:00", "id": "ELSA-2016-2576", "href": "http://linux.oracle.com/errata/ELSA-2016-2576.html", "title": "libguestfs and virt-p2v security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:44", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "Arch Linux Security Advisory ASA-201610-17\n==========================================\n\nSeverity: Medium\nDate : 2016-10-24\nCVE-ID : CVE-2015-8869\nPackage : ocaml\nType : information disclosure\nRemote : Yes\nLink : https://wiki.archlinux.org/index.php/CVE\n\nSummary\n=======\n\nThe package ocaml before version 4.03.0-1 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 4.03.0-1.\n\n# pacman -Syu \"ocaml>=4.03.0-1\"\n\nThe problem has been fixed upstream in version 4.03.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nOCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes sizes arguments to an internal memmove call to be\nsign-extended from 32 to 64-bits before being passed to the memmove\nfunction.\nThis leads arguments between 2GiB and 4GiB to be interpreted as larger\nthan they are (specifically, a bit below 2^64), causing a buffer\noverflow. Arguments between 4GiB and 6GiB are interpreted as 4GiB\nsmaller than they should be, causing a possible information leak.\n\nImpact\n======\n\nA remote attacker is able to access sensitive information or crash the\napplication.\n\nReferences\n==========\n\nhttp://www.openwall.com/lists/oss-security/2016/04/29/6\nhttps://access.redhat.com/security/cve/CVE-2015-8869", "modified": "2016-10-24T00:00:00", "published": "2016-10-24T00:00:00", "id": "ASA-201610-17", "href": "https://security.archlinux.org/ASA-201610-17", "type": "archlinux", "title": "[ASA-201610-17] ocaml: information disclosure", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package comprises two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive toplevel system, parsing tools (Lex,Yacc), a replay debugger, a documentation generator, and a comprehensive library. ", "modified": "2016-05-09T00:07:07", "published": "2016-05-09T00:07:07", "id": "FEDORA:639C26087A08", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: ocaml-4.02.3-3.fc24", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package comprises two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive toplevel system, parsing tools (Lex,Yacc), a replay debugger, a documentation generator, and a comprehensive library. ", "modified": "2016-05-15T05:35:38", "published": "2016-05-15T05:35:38", "id": "FEDORA:502E66230056", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 23 Update: ocaml-4.02.2-5.fc23", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "modified": "2018-06-07T18:23:28", "published": "2017-03-21T10:17:41", "id": "RHSA-2017:0564", "href": "https://access.redhat.com/errata/RHSA-2017:0564", "type": "redhat", "title": "(RHSA-2017:0564) Moderate: libguestfs security and bug fix update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:00", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive top level system, parsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and a comprehensive library.\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "modified": "2018-06-07T18:20:48", "published": "2017-03-21T10:17:41", "id": "RHSA-2017:0565", "href": "https://access.redhat.com/errata/RHSA-2017:0565", "type": "redhat", "title": "(RHSA-2017:0565) Moderate: ocaml security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:46:17", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "OCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml packages\ncontain two batch compilers (a fast bytecode compiler and an optimizing\nnative-code compiler), an interactive top level system, parsing tools\n(Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and\na comprehensive library.\n\nSecurity Fix(es):\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being interpreted\nas larger than they are (specifically, a bit below 2^64), causing a\nbuffer overflow. Further, arguments between 4GiB and 6GiB are interpreted\nas 4GiB smaller than they should be, causing a possible information\nleak. (CVE-2015-8869)", "modified": "2018-04-12T03:32:38", "published": "2016-06-23T18:44:16", "id": "RHSA-2016:1296", "href": "https://access.redhat.com/errata/RHSA-2016:1296", "type": "redhat", "title": "(RHSA-2016:1296) Moderate: ocaml security update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.\n\nVirt-p2v is a tool for conversion of a physical server to a virtual guest.\n\nThe following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)\n\nSecurity Fix(es):\n\n* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "modified": "2018-04-12T03:33:12", "published": "2016-11-03T10:07:14", "id": "RHSA-2016:2576", "href": "https://access.redhat.com/errata/RHSA-2016:2576", "type": "redhat", "title": "(RHSA-2016:2576) Moderate: libguestfs and virt-p2v security, bug fix, and enhancement update", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-10-04T00:00:00", "id": "OPENVAS:1361412562310843321", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843321", "type": "openvas", "title": "Ubuntu Update for ocaml USN-3437-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3437_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for ocaml USN-3437-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843321\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-04 08:50:06 +0200 (Wed, 04 Oct 2017)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for ocaml USN-3437-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ocaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Radek Micek discovered that OCaml\n incorrectly handled sign extensions. A remote attacker could use this issue to\n cause applications using OCaml to crash, to possibly obtain sensitive\n information, or to possibly execute arbitrary code.\");\n script_tag(name:\"affected\", value:\"ocaml on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3437-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3437-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ocaml\", ver:\"4.01.0-3ubuntu3.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-03-22T00:00:00", "id": "OPENVAS:1361412562310871787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871787", "type": "openvas", "title": "RedHat Update for libguestfs RHSA-2017:0564-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libguestfs RHSA-2017:0564-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871787\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-03-22 05:48:45 +0100 (Wed, 22 Mar 2017)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libguestfs RHSA-2017:0564-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libguestfs'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libguestfs packages contain a library,\nwhich is used for accessing and modifying virtual machine (VM) disk images.\n\nSecurity Fix(es):\n\n * An integer conversion flaw was found in the way OCaml's String handled\nits length. Certain operations on an excessively long String could trigger\na buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed\nversion of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"libguestfs on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0564-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-March/msg00041.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"libguestfs\", rpm:\"libguestfs~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-debuginfo\", rpm:\"libguestfs-debuginfo~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-java\", rpm:\"libguestfs-java~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-tools\", rpm:\"libguestfs-tools~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-tools-c\", rpm:\"libguestfs-tools-c~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Sys-Guestfs\", rpm:\"perl-Sys-Guestfs~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libguestfs\", rpm:\"python-libguestfs~1.20.11~20.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171061", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171061", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libguestfs (EulerOS-SA-2017-1061)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1061\");\n script_version(\"2020-01-23T10:47:07+0000\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:07 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:07 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libguestfs (EulerOS-SA-2017-1061)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1061\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1061\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libguestfs' package(s) announced via the EulerOS-SA-2017-1061 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.CVE-2015-8869\");\n\n script_tag(name:\"affected\", value:\"'libguestfs' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libguestfs\", rpm:\"libguestfs~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libguestfs-java\", rpm:\"libguestfs-java~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libguestfs-tools\", rpm:\"libguestfs-tools~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libguestfs-tools-c\", rpm:\"libguestfs-tools-c~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libguestfs-xfs\", rpm:\"libguestfs-xfs~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-libguestfs\", rpm:\"python-libguestfs~1.32.7~3.2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2016-11-04T00:00:00", "id": "OPENVAS:1361412562310871689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871689", "type": "openvas", "title": "RedHat Update for libguestfs and virt-p2v RHSA-2016:2576-02", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for libguestfs and virt-p2v RHSA-2016:2576-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871689\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:41:49 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for libguestfs and virt-p2v RHSA-2016:2576-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libguestfs and virt-p2v'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The libguestfs packages contain a library,\nwhich is used for accessing and modifying virtual machine (VM) disk images.\n\nVirt-p2v is a tool for conversion of a physical server to a virtual guest.\n\nThe following packages have been upgraded to a newer upstream version:\nlibguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)\n\nSecurity Fix(es):\n\n * An integer conversion flaw was found in the way OCaml's String handled\nits length. Certain operations on an excessively long String could trigger\na buffer overflow or result in an information leak. (CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a fixed\nversion of OCaml to address this issue.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"libguestfs and virt-p2v on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2576-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00012.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"libguestfs-inspect-icons\", rpm:\"libguestfs-inspect-icons~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-tools\", rpm:\"libguestfs-tools~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"virt-p2v\", rpm:\"virt-p2v~1.32.7~2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs\", rpm:\"libguestfs~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-debuginfo\", rpm:\"libguestfs-debuginfo~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-java\", rpm:\"libguestfs-java~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-tools-c\", rpm:\"libguestfs-tools-c~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libguestfs-xfs\", rpm:\"libguestfs-xfs~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perl-Sys-Guestfs\", rpm:\"perl-Sys-Guestfs~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-libguestfs\", rpm:\"python-libguestfs~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"virt-v2v\", rpm:\"virt-v2v~1.32.7~3.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "Check the version of ocaml", "modified": "2019-03-08T00:00:00", "published": "2016-06-24T00:00:00", "id": "OPENVAS:1361412562310882514", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882514", "type": "openvas", "title": "CentOS Update for ocaml CESA-2016:1296 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for ocaml CESA-2016:1296 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882514\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-24 05:27:04 +0200 (Fri, 24 Jun 2016)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for ocaml CESA-2016:1296 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of ocaml\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"OCaml is a high-level, strongly-typed,\nfunctional, and object-oriented programming language from the ML family of\nlanguages. The ocaml packages contain two batch compilers\n(a fast bytecode compiler and an optimizing native-code compiler), an\ninteractive top level system, parsing tools (Lex, Yacc, Camlp4), a replay\ndebugger, a documentation generator, and a comprehensive library.\n\nSecurity Fix(es):\n\n * OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being interpreted\nas larger than they are (specifically, a bit below 2^64), causing a\nbuffer overflow. Further, arguments between 4GiB and 6GiB are interpreted\nas 4GiB smaller than they should be, causing a possible information\nleak. (CVE-2015-8869)\");\n script_tag(name:\"affected\", value:\"ocaml on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:1296\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-June/021933.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"ocaml\", rpm:\"ocaml~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-camlp4\", rpm:\"ocaml-camlp4~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-camlp4-devel\", rpm:\"ocaml-camlp4-devel~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-compiler-libs\", rpm:\"ocaml-compiler-libs~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-docs\", rpm:\"ocaml-docs~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-emacs\", rpm:\"ocaml-emacs~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-labltk\", rpm:\"ocaml-labltk~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-labltk-devel\", rpm:\"ocaml-labltk-devel~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-ocamldoc\", rpm:\"ocaml-ocamldoc~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-runtime\", rpm:\"ocaml-runtime~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-source\", rpm:\"ocaml-source~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"ocaml-x11\", rpm:\"ocaml-x11~4.01.0~22.7.el7_2\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310808011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808011", "type": "openvas", "title": "Fedora Update for ocaml FEDORA-2016-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ocaml FEDORA-2016-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808011\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 05:17:55 +0200 (Mon, 09 May 2016)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ocaml FEDORA-2016-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ocaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ocaml on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-1\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184507.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"ocaml\", rpm:\"ocaml~4.02.3~3.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2019-05-29T18:35:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2016-06-08T00:00:00", "id": "OPENVAS:1361412562310808351", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808351", "type": "openvas", "title": "Fedora Update for ocaml FEDORA-2016-78ad11154f", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for ocaml FEDORA-2016-78ad11154f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.808351\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-08 15:28:15 +0200 (Wed, 08 Jun 2016)\");\n script_cve_id(\"CVE-2015-8869\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for ocaml FEDORA-2016-78ad11154f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'ocaml'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"ocaml on Fedora 23\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-78ad11154f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WVPHVCDJ275JEUTKZRQKR6ANCCO3B\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC23\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC23\")\n{\n\n if ((res = isrpmvuln(pkg:\"ocaml\", rpm:\"ocaml~4.02.2~5.fc23\", rls:\"FC23\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "gentoo": [{"lastseen": "2017-02-21T01:00:01", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "edition": 1, "description": "### Background\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. \n\n### Description\n\nIt was discovered that OCaml was vulnerable to a runtime bug that, on 64-bit platforms, causes size arguments to internal memmove calls to be sign-extended from 32- to 64-bits before being passed to the memmove function. This leads to arguments between 2GiB and 4GiB being interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be causing a possible information leak. \n\n### Impact\n\nA remote attacker, able to interact with an OCaml-based application, could possibly obtain sensitive information or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OCaml users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/ocam-4.04.0\"\n \n\nPackages which depend on OCaml may need to be recompiled. Tools such as qdepends (included in app-portage/portage-utils) may assist in identifying these packages: \n \n \n # emerge --oneshot --ask --verbose $(qdepends -CQ dev-lang/ocaml | sed\n 's/^/=/')", "modified": "2017-02-20T00:00:00", "published": "2017-02-20T00:00:00", "id": "GLSA-201702-15", "href": "https://security.gentoo.org/glsa/201702-15", "title": "OCaml: Buffer overflow and information disclosure", "type": "gentoo", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-08-12T01:05:31", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "Package : ocaml\nVersion : 3.12.1-4+deb7u1\nCVE ID : CVE-2015-8869\n\nOCaml versions 4.02.3 and earlier have a runtime bug that,\non 64-bit platforms, causes sizes arguments to an internal\nmemmove call to be sign-extended from 32 to 64-bits before\nbeing passed to the memmove function.\nThis leads arguments between 2GiB and 4GiB to be interpreted\nas larger than they are (specifically, a bit below 2^64),\ncausing a buffer overflow.\nArguments between 4GiB and 6GiB are interpreted as 4GiB smaller\nthan they should be, causing a possible information leak.A\n", "edition": 7, "modified": "2016-05-11T20:30:23", "published": "2016-05-11T20:30:23", "id": "DEBIAN:DLA-466-1:AC67D", "href": "https://lists.debian.org/debian-lts-announce/2016/debian-lts-announce-201605/msg00018.html", "title": "[SECURITY] [DLA 466-1] ocaml security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:31:43", "bulletinFamily": "unix", "cvelist": ["CVE-2015-8869"], "description": "\nMITRE reports:\n\nOCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.\n\n", "edition": 3, "modified": "2019-05-26T00:00:00", "published": "2016-06-13T00:00:00", "id": "8D2AF843-7D8E-11E9-8464-C85B76CE9B5A", "href": "https://vuxml.freebsd.org/freebsd/8d2af843-7d8e-11e9-8464-c85b76ce9b5a.html", "title": "OCaml -- Multiple Security Vulnerabilities", "type": "freebsd", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-8869"], "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nRadek Micek discovered that OCaml incorrectly handled sign extensions. A remote attacker could use this issue to cause applications using OCaml to crash, to possibly obtain sensitive information, or to possibly execute arbitrary code.\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * All versions of Cloud Foundry cflinuxfs2 prior to 1.158.0\n\n# Mitigation\n\nOSS users are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.158.0 or later.\n\n# References\n\n * [USN-3437-1](<http://www.ubuntu.com/usn/usn-3437-1/>)\n * [CVE-2015-8869](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8869>)\n", "edition": 5, "modified": "2017-11-01T00:00:00", "published": "2017-11-01T00:00:00", "id": "CFOUNDRY:A457A82D50C24C5905C75B59D7635065", "href": "https://www.cloudfoundry.org/blog/usn-3437-1/", "title": "USN-3437-1: OCaml vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:14:02", "description": "Security fix for CVE-2015-8869\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 18, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-05-09T00:00:00", "title": "Fedora 24 : ocaml-4.02.3-3.fc24 (2016-1c4e616564)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2016-05-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ocaml", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-1C4E616564.NASL", "href": "https://www.tenable.com/plugins/nessus/90950", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2016-1c4e616564.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(90950);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"FEDORA\", value:\"2016-1c4e616564\");\n\n script_name(english:\"Fedora 24 : ocaml-4.02.3-3.fc24 (2016-1c4e616564)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-8869\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1332090\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184507.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f79b394\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ocaml package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"ocaml-4.02.3-3.fc24\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-12T10:14:24", "description": "Security fix for CVE-2015-8869\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-07-14T00:00:00", "title": "Fedora 23 : ocaml (2016-78ad11154f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2016-07-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:ocaml", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2016-78AD11154F.NASL", "href": "https://www.tenable.com/plugins/nessus/92114", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-78ad11154f.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92114);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"FEDORA\", value:\"2016-78ad11154f\");\n\n script_name(english:\"Fedora 23 : ocaml (2016-78ad11154f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fix for CVE-2015-8869\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-78ad11154f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ocaml package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"ocaml-4.02.2-5.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T12:03:15", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has libguestfs packages installed that are affected by a\nvulnerability:\n\n - An integer conversion flaw was found in the way OCaml's\n String handled its length. Certain operations on an\n excessively long String could trigger a buffer overflow\n or result in an information leak. (CVE-2015-8869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 17, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2019-08-12T00:00:00", "title": "NewStart CGSL MAIN 4.05 : libguestfs Vulnerability (NS-SA-2019-0110)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2019-08-12T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0110_LIBGUESTFS.NASL", "href": "https://www.tenable.com/plugins/nessus/127346", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0110. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127346);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-8869\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : libguestfs Vulnerability (NS-SA-2019-0110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has libguestfs packages installed that are affected by a\nvulnerability:\n\n - An integer conversion flaw was found in the way OCaml's\n String handled its length. Certain operations on an\n excessively long String could trigger a buffer overflow\n or result in an information leak. (CVE-2015-8869)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL libguestfs packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8869\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL MAIN 4.05\": [\n \"libguestfs-1.20.11-20.el6\",\n \"libguestfs-java-1.20.11-20.el6\",\n \"libguestfs-tools-1.20.11-20.el6\",\n \"libguestfs-tools-c-1.20.11-20.el6\",\n \"perl-Sys-Guestfs-1.20.11-20.el6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libguestfs\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-03-01T05:37:59", "description": "An update for ocaml is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml\npackages contain two batch compilers (a fast bytecode compiler and an\noptimizing native-code compiler), an interactive top level system,\nparsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation\ngenerator, and a comprehensive library.\n\nSecurity Fix(es) :\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being\ninterpreted as larger than they are (specifically, a bit below 2^64),\ncausing a buffer overflow. Further, arguments between 4GiB and 6GiB\nare interpreted as 4GiB smaller than they should be, causing a\npossible information leak. (CVE-2015-8869)", "edition": 30, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-06-24T00:00:00", "title": "RHEL 7 : ocaml (RHSA-2016:1296)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ocaml-x11", "p-cpe:/a:redhat:enterprise_linux:ocaml-docs", "p-cpe:/a:redhat:enterprise_linux:ocaml-emacs", "p-cpe:/a:redhat:enterprise_linux:ocaml", "p-cpe:/a:redhat:enterprise_linux:ocaml-source", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:ocaml-labltk-devel", "cpe:/o:redhat:enterprise_linux:7.7", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:ocaml-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:ocaml-compiler-libs", "cpe:/o:redhat:enterprise_linux:7.3", "p-cpe:/a:redhat:enterprise_linux:ocaml-camlp4", "cpe:/o:redhat:enterprise_linux:7.2", "p-cpe:/a:redhat:enterprise_linux:ocaml-labltk", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:ocaml-ocamldoc", "p-cpe:/a:redhat:enterprise_linux:ocaml-runtime", "p-cpe:/a:redhat:enterprise_linux:ocaml-camlp4-devel"], "id": "REDHAT-RHSA-2016-1296.NASL", "href": "https://www.tenable.com/plugins/nessus/91804", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1296. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91804);\n script_version(\"2.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"RHSA\", value:\"2016:1296\");\n\n script_name(english:\"RHEL 7 : ocaml (RHSA-2016:1296)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for ocaml is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml\npackages contain two batch compilers (a fast bytecode compiler and an\noptimizing native-code compiler), an interactive top level system,\nparsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation\ngenerator, and a comprehensive library.\n\nSecurity Fix(es) :\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being\ninterpreted as larger than they are (specifically, a bit below 2^64),\ncausing a buffer overflow. Further, arguments between 4GiB and 6GiB\nare interpreted as 4GiB smaller than they should be, causing a\npossible information leak. (CVE-2015-8869)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8869\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-camlp4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-camlp4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-compiler-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-labltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-labltk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-ocamldoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1296\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-camlp4-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-camlp4-devel-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-devel-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-compiler-libs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-compiler-libs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-debuginfo-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-debuginfo-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-docs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-docs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-emacs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-emacs-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-labltk-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-labltk-devel-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-devel-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-ocamldoc-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-ocamldoc-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-runtime-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-runtime-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-source-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-source-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ocaml-x11-4.01.0-22.7.el7_2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ocaml-x11-4.01.0-22.7.el7_2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml / ocaml-camlp4 / ocaml-camlp4-devel / ocaml-compiler-libs / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-20T12:29:11", "description": "This update for ocaml fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2015-8869: Prevent buffer overflow and information\n leak. (bsc#977990)\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "edition": 18, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-09-12T00:00:00", "title": "openSUSE Security Update : ocaml (openSUSE-2016-1072)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2016-09-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ocaml-source", "p-cpe:/a:novell:opensuse:ocaml", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:ocaml-ocamldoc-debuginfo", "p-cpe:/a:novell:opensuse:ocaml-debuginfo", "p-cpe:/a:novell:opensuse:ocaml-ocamldoc", "p-cpe:/a:novell:opensuse:ocaml-rpm-macros", "p-cpe:/a:novell:opensuse:ocaml-debugsource", "p-cpe:/a:novell:opensuse:ocaml-runtime-debuginfo", "p-cpe:/a:novell:opensuse:ocaml-compiler-libs-devel", "p-cpe:/a:novell:opensuse:ocaml-emacs", "p-cpe:/a:novell:opensuse:ocaml-compiler-libs", "p-cpe:/a:novell:opensuse:ocaml-runtime", "p-cpe:/a:novell:opensuse:ocaml-x11"], "id": "OPENSUSE-2016-1072.NASL", "href": "https://www.tenable.com/plugins/nessus/93435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1072.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93435);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-8869\");\n\n script_name(english:\"openSUSE Security Update : ocaml (openSUSE-2016-1072)\");\n script_summary(english:\"Check for the openSUSE-2016-1072 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for ocaml fixes the following issue :\n\nSecurity issue fixed :\n\n - CVE-2015-8869: Prevent buffer overflow and information\n leak. (bsc#977990)\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977990\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ocaml packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-compiler-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-compiler-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-ocamldoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-ocamldoc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-rpm-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-runtime-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocaml-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-compiler-libs-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-compiler-libs-devel-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-debuginfo-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-debugsource-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-emacs-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-ocamldoc-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-ocamldoc-debuginfo-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-rpm-macros-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-runtime-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-runtime-debuginfo-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-source-4.02.3-3.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"ocaml-x11-4.02.3-3.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml / ocaml-compiler-libs / ocaml-compiler-libs-devel / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T12:50:43", "description": "From Red Hat Security Advisory 2016:1296 :\n\nAn update for ocaml is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml\npackages contain two batch compilers (a fast bytecode compiler and an\noptimizing native-code compiler), an interactive top level system,\nparsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation\ngenerator, and a comprehensive library.\n\nSecurity Fix(es) :\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being\ninterpreted as larger than they are (specifically, a bit below 2^64),\ncausing a buffer overflow. Further, arguments between 4GiB and 6GiB\nare interpreted as 4GiB smaller than they should be, causing a\npossible information leak. (CVE-2015-8869)", "edition": 26, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-06-24T00:00:00", "title": "Oracle Linux 7 : ocaml (ELSA-2016-1296)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2016-06-24T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:ocaml-camlp4-devel", "p-cpe:/a:oracle:linux:ocaml-docs", "p-cpe:/a:oracle:linux:ocaml-runtime", "p-cpe:/a:oracle:linux:ocaml", "p-cpe:/a:oracle:linux:ocaml-x11", "p-cpe:/a:oracle:linux:ocaml-source", "p-cpe:/a:oracle:linux:ocaml-compiler-libs", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:ocaml-camlp4", "p-cpe:/a:oracle:linux:ocaml-labltk-devel", "p-cpe:/a:oracle:linux:ocaml-emacs", "p-cpe:/a:oracle:linux:ocaml-labltk", "p-cpe:/a:oracle:linux:ocaml-ocamldoc"], "id": "ORACLELINUX_ELSA-2016-1296.NASL", "href": "https://www.tenable.com/plugins/nessus/91799", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:1296 and \n# Oracle Linux Security Advisory ELSA-2016-1296 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91799);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"RHSA\", value:\"2016:1296\");\n\n script_name(english:\"Oracle Linux 7 : ocaml (ELSA-2016-1296)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:1296 :\n\nAn update for ocaml is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOCaml is a high-level, strongly-typed, functional, and object-oriented\nprogramming language from the ML family of languages. The ocaml\npackages contain two batch compilers (a fast bytecode compiler and an\noptimizing native-code compiler), an interactive top level system,\nparsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation\ngenerator, and a comprehensive library.\n\nSecurity Fix(es) :\n\n* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit\nplatforms, causes size arguments to internal memmove calls to be\nsign-extended from 32- to 64-bits before being passed to the memmove\nfunction. This leads to arguments between 2GiB and 4GiB being\ninterpreted as larger than they are (specifically, a bit below 2^64),\ncausing a buffer overflow. Further, arguments between 4GiB and 6GiB\nare interpreted as 4GiB smaller than they should be, causing a\npossible information leak. (CVE-2015-8869)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-June/006140.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ocaml packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-camlp4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-camlp4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-compiler-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-labltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-labltk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-ocamldoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:ocaml-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-devel-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-compiler-libs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-docs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-emacs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-devel-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-ocamldoc-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-runtime-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-source-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"ocaml-x11-4.01.0-22.7.el7_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml / ocaml-camlp4 / ocaml-camlp4-devel / ocaml-compiler-libs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-17T13:49:18", "description": "Security Fix(es) :\n\n - OCaml versions 4.02.3 and earlier have a runtime bug\n that, on 64-bit platforms, causes size arguments to\n internal memmove calls to be sign- extended from 32- to\n 64-bits before being passed to the memmove function.\n This leads to arguments between 2GiB and 4GiB being\n interpreted as larger than they are (specifically, a bit\n below 2^64), causing a buffer overflow. Further,\n arguments between 4GiB and 6GiB are interpreted as 4GiB\n smaller than they should be, causing a possible\n information leak. (CVE-2015-8869)", "edition": 15, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2016-07-13T00:00:00", "title": "Scientific Linux Security Update : ocaml on SL7.x x86_64 (20160623)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2016-07-13T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:ocaml-extlib", "p-cpe:/a:fermilab:scientific_linux:brlapi-devel", "p-cpe:/a:fermilab:scientific_linux:graphviz-python", "p-cpe:/a:fermilab:scientific_linux:graphviz-php", "p-cpe:/a:fermilab:scientific_linux:graphviz-gd", "p-cpe:/a:fermilab:scientific_linux:ocaml-csv", "p-cpe:/a:fermilab:scientific_linux:ocaml-gettext", "p-cpe:/a:fermilab:scientific_linux:graphviz-perl", "p-cpe:/a:fermilab:scientific_linux:python-brlapi", "p-cpe:/a:fermilab:scientific_linux:ocaml-labltk-devel", "p-cpe:/a:fermilab:scientific_linux:brlapi-java", "p-cpe:/a:fermilab:scientific_linux:ocaml-docs", "p-cpe:/a:fermilab:scientific_linux:graphviz-lua", "p-cpe:/a:fermilab:scientific_linux:ruby-hivex", "p-cpe:/a:fermilab:scientific_linux:ocaml-findlib", "p-cpe:/a:fermilab:scientific_linux:ocaml-labltk", "p-cpe:/a:fermilab:scientific_linux:graphviz-doc", "p-cpe:/a:fermilab:scientific_linux:graphviz", "p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light-devel", "p-cpe:/a:fermilab:scientific_linux:graphviz-devel", "p-cpe:/a:fermilab:scientific_linux:graphviz-guile", "p-cpe:/a:fermilab:scientific_linux:ocaml-source", "p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light", "p-cpe:/a:fermilab:scientific_linux:ocaml-hivex-devel", "p-cpe:/a:fermilab:scientific_linux:perl-hivex", "p-cpe:/a:fermilab:scientific_linux:ocaml-curses", "p-cpe:/a:fermilab:scientific_linux:ocaml-calendar-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-ocamldoc", "p-cpe:/a:fermilab:scientific_linux:ocaml-compiler-libs", "p-cpe:/a:fermilab:scientific_linux:graphviz-tcl", "p-cpe:/a:fermilab:scientific_linux:ocaml-x11", "p-cpe:/a:fermilab:scientific_linux:graphviz-graphs", "p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils-devel", "p-cpe:/a:fermilab:scientific_linux:tcl-brlapi", "p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt", "p-cpe:/a:fermilab:scientific_linux:ocaml", "p-cpe:/a:fermilab:scientific_linux:python-hivex", "p-cpe:/a:fermilab:scientific_linux:ocaml-curses-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-findlib-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils", "p-cpe:/a:fermilab:scientific_linux:ocaml-csv-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4", "p-cpe:/a:fermilab:scientific_linux:graphviz-ruby", "p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-emacs", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:hivex", "p-cpe:/a:fermilab:scientific_linux:ocaml-libguestfs-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4-devel", "p-cpe:/a:fermilab:scientific_linux:hivex-devel", "p-cpe:/a:fermilab:scientific_linux:brltty-at-spi", "p-cpe:/a:fermilab:scientific_linux:ocaml-brlapi", "p-cpe:/a:fermilab:scientific_linux:ocaml-extlib-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-calendar", "p-cpe:/a:fermilab:scientific_linux:graphviz-ocaml", "p-cpe:/a:fermilab:scientific_linux:brltty-docs", "p-cpe:/a:fermilab:scientific_linux:brltty-xw", "p-cpe:/a:fermilab:scientific_linux:brltty", "p-cpe:/a:fermilab:scientific_linux:ocaml-hivex", "p-cpe:/a:fermilab:scientific_linux:ocaml-gettext-devel", "p-cpe:/a:fermilab:scientific_linux:ocaml-debuginfo", "p-cpe:/a:fermilab:scientific_linux:ocaml-runtime", "p-cpe:/a:fermilab:scientific_linux:brlapi", "p-cpe:/a:fermilab:scientific_linux:graphviz-java"], "id": "SL_20160623_OCAML_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/92031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92031);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2015-8869\");\n\n script_name(english:\"Scientific Linux Security Update : ocaml on SL7.x x86_64 (20160623)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - OCaml versions 4.02.3 and earlier have a runtime bug\n that, on 64-bit platforms, causes size arguments to\n internal memmove calls to be sign- extended from 32- to\n 64-bits before being passed to the memmove function.\n This leads to arguments between 2GiB and 4GiB being\n interpreted as larger than they are (specifically, a bit\n below 2^64), causing a buffer overflow. Further,\n arguments between 4GiB and 6GiB are interpreted as 4GiB\n smaller than they should be, causing a possible\n information leak. (CVE-2015-8869)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1607&L=scientific-linux-errata&F=&S=&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f60dc3b6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brlapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brlapi-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brlapi-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brltty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brltty-at-spi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brltty-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:brltty-xw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-gd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-graphs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-guile\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-lua\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-php\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:graphviz-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-brlapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-calendar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-calendar-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-compiler-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-csv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-csv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-curses\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-curses-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-emacs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-extlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-extlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-findlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-findlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-gettext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-gettext-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-hivex-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-labltk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-labltk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-ocamldoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-brlapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:ruby-hivex\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:tcl-brlapi\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brlapi-0.6.0-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brlapi-devel-0.6.0-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brlapi-java-0.6.0-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brltty-4.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brltty-at-spi-4.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brltty-docs-4.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"brltty-xw-4.5-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-devel-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-doc-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-gd-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-graphs-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-guile-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-java-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-lua-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-ocaml-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-perl-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-php-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-python-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-ruby-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"graphviz-tcl-2.30.1-19.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"hivex-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"hivex-devel-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-brlapi-0.6.0-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-calendar-2.03.2-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-calendar-devel-2.03.2-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-camlp4-devel-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-compiler-libs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-csv-1.2.3-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-csv-devel-1.2.3-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-curses-1.0.3-18.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-curses-devel-1.0.3-18.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-debuginfo-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-docs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-emacs-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-extlib-1.5.3-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-extlib-devel-1.5.3-5.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-fileutils-0.4.4-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-fileutils-devel-0.4.4-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-findlib-1.3.3-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-findlib-devel-1.3.3-6.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-gettext-0.3.4-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-gettext-devel-0.3.4-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-hivex-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-hivex-devel-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-labltk-devel-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-libguestfs-devel-1.28.1-1.18.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-libvirt-0.6.1.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-libvirt-devel-0.6.1.2-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-ocamldoc-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-runtime-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-source-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-x11-4.01.0-22.7.el7_2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-xml-light-2.3-0.6.svn234.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ocaml-xml-light-devel-2.3-0.6.svn234.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perl-hivex-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-brlapi-0.6.0-9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-hivex-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ruby-hivex-1.3.10-5.7.sl7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"tcl-brlapi-0.6.0-9.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"brlapi / brlapi-devel / brlapi-java / brltty / brltty-at-spi / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-03-01T07:33:24", "description": "Radek Micek discovered that OCaml incorrectly handled sign extensions.\nA remote attacker could use this issue to cause applications using\nOCaml to crash, to possibly obtain sensitive information, or to\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-10-04T00:00:00", "title": "Ubuntu 14.04 LTS : ocaml vulnerability (USN-3437-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:ocaml", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103662", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3437-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(103662);\n script_version(\"3.6\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"USN\", value:\"3437-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : ocaml vulnerability (USN-3437-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Radek Micek discovered that OCaml incorrectly handled sign extensions.\nA remote attacker could use this issue to cause applications using\nOCaml to crash, to possibly obtain sensitive information, or to\npossibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3437-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected ocaml package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ocaml\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"ocaml\", pkgver:\"4.01.0-3ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-01-06T13:24:07", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Enable execshield stack protection on ppc/ppc64 (572826)\n related: rhbz#1343082\n\n - Fix strict-aliasing warnings in build (990540).\n\n - Fix buffer overflow and information leak (CVE-2015-8869)\n resolves: rhbz#1343082", "edition": 24, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-03-30T00:00:00", "title": "OracleVM 3.3 / 3.4 : ocaml (OVMSA-2017-0049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2017-03-30T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:ocaml-runtime"], "id": "ORACLEVM_OVMSA-2017-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/99076", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0049.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99076);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2015-8869\");\n\n script_name(english:\"OracleVM 3.3 / 3.4 : ocaml (OVMSA-2017-0049)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Enable execshield stack protection on ppc/ppc64 (572826)\n related: rhbz#1343082\n\n - Fix strict-aliasing warnings in build (990540).\n\n - Fix buffer overflow and information leak (CVE-2015-8869)\n resolves: rhbz#1343082\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-March/000660.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6cb24df\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-March/000666.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5299d2d4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ocaml-runtime package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:ocaml-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"(3\\.3|3\\.4)\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3 / 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"ocaml-runtime-3.11.2-5.el6\")) flag++;\n\nif (rpm_check(release:\"OVS3.4\", reference:\"ocaml-runtime-3.11.2-5.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ocaml-runtime\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-03-01T05:38:54", "description": "An update for libguestfs is now available for Red Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libguestfs packages contain a library, which is used for accessing\nand modifying virtual machine (VM) disk images.\n\nSecurity Fix(es) :\n\n* An integer conversion flaw was found in the way OCaml's String\nhandled its length. Certain operations on an excessively long String\ncould trigger a buffer overflow or result in an information leak.\n(CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a\nfixed version of OCaml to address this issue.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.", "edition": 30, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}, "published": "2017-03-22T00:00:00", "title": "RHEL 6 : libguestfs (RHSA-2017:0564)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-8869"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:libguestfs-debuginfo", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools", "p-cpe:/a:redhat:enterprise_linux:libguestfs", "p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc", "p-cpe:/a:redhat:enterprise_linux:python-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java", "p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs", "p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:libguestfs-devel", "p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs"], "id": "REDHAT-RHSA-2017-0564.NASL", "href": "https://www.tenable.com/plugins/nessus/97872", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0564. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97872);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2015-8869\");\n script_xref(name:\"RHSA\", value:\"2017:0564\");\n\n script_name(english:\"RHEL 6 : libguestfs (RHSA-2017:0564)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for libguestfs is now available for Red Hat Enterprise Linux\n6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe libguestfs packages contain a library, which is used for accessing\nand modifying virtual machine (VM) disk images.\n\nSecurity Fix(es) :\n\n* An integer conversion flaw was found in the way OCaml's String\nhandled its length. Certain operations on an excessively long String\ncould trigger a buffer overflow or result in an information leak.\n(CVE-2015-8869)\n\nNote: The libguestfs packages in this advisory were rebuilt with a\nfixed version of OCaml to address this issue.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9\nTechnical Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5caa05f\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8869\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-java-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-javadoc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libguestfs-tools-c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ocaml-libguestfs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Sys-Guestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ruby-libguestfs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/06/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0564\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-debuginfo-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-devel-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-java-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-java-devel-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-javadoc-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-tools-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"libguestfs-tools-c-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ocaml-libguestfs-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ocaml-libguestfs-devel-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perl-Sys-Guestfs-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-libguestfs-1.20.11-20.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"ruby-libguestfs-1.20.11-20.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libguestfs / libguestfs-debuginfo / libguestfs-devel / etc\");\n }\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}]}