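Scientific Linux Security Update: ocaml on SL7.x x86_64

critical Nessus Plugin ID 92031

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security fix:

- OCaml 4.02.3 and earlier contain a runtime bug that, on 64-bit platforms, causes the arguments of internal memmove calls to be sign-extended from 32 to 64 bits before they are passed to the memmove function.
This causes arguments between 2GiB and 4GiB to be interpreted as larger than their actual value (specifically, slightly below 2^64), resulting in a buffer overflow. In addition, arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than their actual value, which may result in an information leak. (CVE-2015-8869)

Solution

Update the affected packages.

See Also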

http://www.nessus.org/u?f60dc3b6

Plugin Details

Severity: Critical

ID: 92031

File Name: sl_20160623_ocaml_on_SL7_x.nasl

Version: 2.5

Type: local

Agent: unix

Published: 2016/7/13

Updated: 2021/1/14

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:ocaml-findlib-devel, p-cpe:/a:fermilab:scientific_linux:perl-hivex, p-cpe:/a:fermilab:scientific_linux:brltty, p-cpe:/a:fermilab:scientific_linux:ocaml-emacs, p-cpe:/a:fermilab:scientific_linux:brlapi-java, p-cpe:/a:fermilab:scientific_linux:graphviz-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils, p-cpe:/a:fermilab:scientific_linux:ocaml-gettext-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-source, p-cpe:/a:fermilab:scientific_linux:graphviz-gd, p-cpe:/a:fermilab:scientific_linux:ocaml-docs, p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-calendar-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-extlib, p-cpe:/a:fermilab:scientific_linux:graphviz-lua, p-cpe:/a:fermilab:scientific_linux:graphviz, p-cpe:/a:fermilab:scientific_linux:python-brlapi, p-cpe:/a:fermilab:scientific_linux:graphviz-perl, p-cpe:/a:fermilab:scientific_linux:ocaml-ocamldoc, p-cpe:/a:fermilab:scientific_linux:ocaml-calendar, p-cpe:/a:fermilab:scientific_linux:brltty-xw, p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-hivex-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-labltk-devel, p-cpe:/a:fermilab:scientific_linux:ocaml, p-cpe:/a:fermilab:scientific_linux:ocaml-brlapi, p-cpe:/a:fermilab:scientific_linux:ocaml-hivex, p-cpe:/a:fermilab:scientific_linux:graphviz-guile, p-cpe:/a:fermilab:scientific_linux:graphviz-tcl, p-cpe:/a:fermilab:scientific_linux:brlapi-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-camlp4, p-cpe:/a:fermilab:scientific_linux:ocaml-fileutils-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-xml-light, p-cpe:/a:fermilab:scientific_linux:ocaml-extlib-devel, p-cpe:/a:fermilab:scientific_linux:brlapi, p-cpe:/a:fermilab:scientific_linux:ocaml-labltk, p-cpe:/a:fermilab:scientific_linux:brltty-docs, p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt, p-cpe:/a:fermilab:scientific_linux:graphviz-php, 
p-cpe:/a:fermilab:scientific_linux:ocaml-libvirt-devel, p-cpe:/a:fermilab:scientific_linux:ruby-hivex, p-cpe:/a:fermilab:scientific_linux:ocaml-compiler-libs, p-cpe:/a:fermilab:scientific_linux:tcl-brlapi, p-cpe:/a:fermilab:scientific_linux:ocaml-debuginfo, p-cpe:/a:fermilab:scientific_linux:ocaml-runtime, p-cpe:/a:fermilab:scientific_linux:graphviz-python, p-cpe:/a:fermilab:scientific_linux:graphviz-graphs, p-cpe:/a:fermilab:scientific_linux:hivex-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-csv, p-cpe:/a:fermilab:scientific_linux:python-hivex, p-cpe:/a:fermilab:scientific_linux:graphviz-doc, p-cpe:/a:fermilab:scientific_linux:ocaml-libguestfs-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-gettext, p-cpe:/a:fermilab:scientific_linux:ocaml-findlib, x-cpe:/o:fermilab:scientific_linux, p-cpe:/a:fermilab:scientific_linux:hivex, p-cpe:/a:fermilab:scientific_linux:ocaml-x11, p-cpe:/a:fermilab:scientific_linux:graphviz-ocaml, p-cpe:/a:fermilab:scientific_linux:brltty-at-spi, p-cpe:/a:fermilab:scientific_linux:graphviz-java, p-cpe:/a:fermilab:scientific_linux:graphviz-ruby, p-cpe:/a:fermilab:scientific_linux:ocaml-csv-devel, p-cpe:/a:fermilab:scientific_linux:ocaml-curses, p-cpe:/a:fermilab:scientific_linux:ocaml-curses-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2016/6/23

Vulnerability Publication Date: 2016/6/13

Reference Information

CVE: CVE-2015-8869