Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

External References:
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html

Upstream issue:
https://caml.inria.fr/mantis/view.php?id=7557
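
The kind of check whose absence the description above reports, as an added example (not code from OCaml or from this bug report): a runtime that ignores and removes the three plugin variables whenever the real and effective IDs differ. The helper names `ids_elevated`, `running_elevated`, `guarded_getenv` and `scrub_plugin_vars` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* The three environment variables named in the report. */
static const char *const PLUGIN_VARS[] = {
    "CAML_CPLUGINS", "CAML_NATIVE_CPLUGINS", "CAML_BYTE_CPLUGINS",
};
#define N_PLUGIN_VARS (sizeof PLUGIN_VARS / sizeof PLUGIN_VARS[0])

/* True when real and effective IDs differ, i.e. the process gained
   privilege through a setuid or setgid bit. IDs are parameters so the
   decision can be exercised without installing a setuid binary. */
static int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

static int running_elevated(void)
{
    return ids_elevated(getuid(), geteuid(), getgid(), getegid());
}

/* Hypothetical helper: a getenv that yields nothing when elevated, so a
   caller-controlled value can never select code to load. */
static const char *guarded_getenv(const char *name, int elevated)
{
    return elevated ? NULL : getenv(name);
}

/* Drop the plugin variables so child processes do not inherit them.
   Returns how many variables were actually removed. */
static int scrub_plugin_vars(int elevated)
{
    int removed = 0;
    if (!elevated)
        return 0;
    for (size_t i = 0; i < N_PLUGIN_VARS; i++)
        if (getenv(PLUGIN_VARS[i]) && unsetenv(PLUGIN_VARS[i]) == 0)
            removed++;
    return removed;
}

int main(void)
{
    int elevated = running_elevated();
    printf("elevated=%d removed=%d\n", elevated, scrub_plugin_vars(elevated));
    return guarded_getenv("CAML_CPLUGINS", elevated) ? 1 : 0;
}
```

On glibc, `secure_getenv()` makes the same decision from the kernel-supplied secure-execution flag, which also covers file capabilities that an ID comparison misses.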

Created ocaml tracking bugs for this issue:
Affects: fedora-rawhide [bug 1464921]

Affects Fedora 26 (OCaml 4.04.0) as well.