orc-0.4.28-4.el8_10

エラータID: AXSA:2024-8673:01

Release date: 
Thursday, August 15, 2024 - 16:53
Subject: 
orc-0.4.28-4.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Security Fix(es):

* orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-40897
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

Solution: 

Update packages.

CVEs: 
CVE-2024-40897
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Additional Info: 

N/A

Download: 

SRPMS
  1. orc-0.4.28-4.el8_10.src.rpm
    MD5: 0fa1e559293dfc4846bd73c059481c45
    SHA-256: 5d13110dbd666e2b3292dc29afe470b26b0ecacadfc2e6e84cc005bfa519f636
    Size: 477.79 kB

Asianux Server 8 for x86_64
  1. orc-0.4.28-4.el8_10.i686.rpm
    MD5: 4ff502dc3434ee11ca9afa4ae63b66b9
    SHA-256: b44cf504975650631d215f668fd6aceb6851c0c28979c1aff1ca9db4eacb9429
    Size: 186.30 kB
  2. orc-0.4.28-4.el8_10.x86_64.rpm
    MD5: 3721b1dc63698014f8f5ffa1d54fbc2f
    SHA-256: 7d766df2e54b3649025b953378796ab0080da6612f956169ba1cd85164f78714
    Size: 174.09 kB
  3. orc-compiler-0.4.28-4.el8_10.x86_64.rpm
    MD5: 9f324437c32c543ef849b96375456793
    SHA-256: 764cb8eb94fe251b18193f7ae56f74bcdedab9d4226f85734636671731352c0f
    Size: 28.46 kB
  4. orc-devel-0.4.28-4.el8_10.i686.rpm
    MD5: c74638e3738dcccc85f763b1f1726693
    SHA-256: 29584e853f68be8c164127886f596ea9fbf743c897b02c6806365e0b68a7366d
    Size: 48.79 kB
  5. orc-devel-0.4.28-4.el8_10.x86_64.rpm
    MD5: adafe6288e03b3625227d6e0616afcdb
    SHA-256: e4647950039e66f798011dae12321308399db8b3e00b5add627895302ffb7171
    Size: 48.76 kB