Synopsis:
ocaml security update
Summary:
An update for ocaml is now available for openEuler-22.03-LTS-SP4
Description:
OCaml is a high-level, strongly-typed, functional and object-oriented programming language from the ML family of languages. This package includes the runtime environment, X11 support, the documentation generator and emacs.
Security Fix(es):
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. (CVE-2026-28364)
Topic:
An update for ocaml is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Severity:
High
Affected Component:
ocaml
4.13.1-8.oe2203sp4
Exploitability:
AV:L AC:L PR:N UI:N
Scope:
S:C
Impact:
C:H I:L A:N
7.9/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
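
The flaw class described under Security Fix(es), a copy whose length is taken from the serialized input without comparing it to the bytes actually present, is illustrated below with its bounds-checked form. This is an added example, not code from the OCaml runtime or from this advisory; struct reader, read_block_checked, read_u32, parse_record and the record layout are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical input cursor: [cur, end) is the untrusted serialized data. */
struct reader {
    const unsigned char *cur;
    const unsigned char *end;
};

/* Unchecked pattern (the kind of flaw the advisory describes): len comes
 * from the input and is never compared with the bytes left, so the copy
 * reads past the end of the input buffer:
 *     memcpy(dest, r->cur, len); r->cur += len;
 */

/* Checked copy: refuse any length larger than what remains in the input. */
static int read_block_checked(struct reader *r, void *dest, size_t len)
{
    size_t remaining = (size_t)(r->end - r->cur);
    if (len > remaining)
        return -1;
    memcpy(dest, r->cur, len);
    r->cur += len;
    return 0;
}

/* Read a big-endian 32-bit length field through the same checked path. */
static int read_u32(struct reader *r, uint32_t *out)
{
    unsigned char b[4];
    if (read_block_checked(r, b, sizeof b) != 0)
        return -1;
    *out = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
    return 0;
}

/* Parse one constructed record: u32 length, then that many payload bytes.
 * Returns the payload length, or -1 if the header is truncated, the length
 * exceeds the destination capacity, or the input holds fewer bytes. */
long parse_record(const unsigned char *buf, size_t buflen,
                  unsigned char *dest, size_t cap)
{
    struct reader r = { buf, buf + buflen };
    uint32_t len;
    if (read_u32(&r, &len) != 0 || len > cap)
        return -1;
    if (read_block_checked(&r, dest, len) != 0)
        return -1;
    return (long)len;
}
```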