{"schema_version":"1.7.2","id":"OESA-2024-1975","modified":"2024-08-09T11:08:47Z","published":"2024-08-09T11:08:47Z","upstream":["CVE-2024-40897"],"summary":"orc security update","details":"Orc is the successor to Liboil - The Library of Optimized Inner Loops. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The \"language\" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.\n\nSecurity Fix(es):\n\nA stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. (CVE-2024-40897)\n\nNote: the fixed openEuler packages listed in this advisory carry version numbers below 0.4.39 (0.4.31, 0.4.32 and 0.4.34), so match on the full package version-release string rather than on the upstream version alone.","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"orc","purl":"pkg:rpm/openEuler/orc\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.34-2.oe2403"}]}],"ecosystem_specific":{"aarch64":["orc-0.4.34-2.oe2403.aarch64.rpm","orc-compiler-0.4.34-2.oe2403.aarch64.rpm","orc-debuginfo-0.4.34-2.oe2403.aarch64.rpm","orc-debugsource-0.4.34-2.oe2403.aarch64.rpm","orc-devel-0.4.34-2.oe2403.aarch64.rpm","orc-help-0.4.34-2.oe2403.aarch64.rpm"],"src":["orc-0.4.34-2.oe2403.src.rpm"],"x86_64":["orc-0.4.34-2.oe2403.x86_64.rpm","orc-compiler-0.4.34-2.oe2403.x86_64.rpm","orc-debuginfo-0.4.34-2.oe2403.x86_64.rpm","orc-debugsource-0.4.34-2.oe2403.x86_64.rpm","orc-devel-0.4.34-2.oe2403.x86_64.rpm","orc-help-0.4.34-2.oe2403.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"orc","purl":"pkg:rpm/openEuler/orc\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.32-3.oe2203sp4"}]}],"
ecosystem_specific":{"aarch64":["orc-0.4.32-3.oe2203sp4.aarch64.rpm","orc-compiler-0.4.32-3.oe2203sp4.aarch64.rpm","orc-debuginfo-0.4.32-3.oe2203sp4.aarch64.rpm","orc-debugsource-0.4.32-3.oe2203sp4.aarch64.rpm","orc-devel-0.4.32-3.oe2203sp4.aarch64.rpm","orc-help-0.4.32-3.oe2203sp4.aarch64.rpm"],"src":["orc-0.4.32-3.oe2203sp4.src.rpm"],"x86_64":["orc-0.4.32-3.oe2203sp4.x86_64.rpm","orc-compiler-0.4.32-3.oe2203sp4.x86_64.rpm","orc-debuginfo-0.4.32-3.oe2203sp4.x86_64.rpm","orc-debugsource-0.4.32-3.oe2203sp4.x86_64.rpm","orc-devel-0.4.32-3.oe2203sp4.x86_64.rpm","orc-help-0.4.32-3.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"orc","purl":"pkg:rpm/openEuler/orc\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.32-3.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["orc-0.4.32-3.oe2203sp3.aarch64.rpm","orc-compiler-0.4.32-3.oe2203sp3.aarch64.rpm","orc-debuginfo-0.4.32-3.oe2203sp3.aarch64.rpm","orc-debugsource-0.4.32-3.oe2203sp3.aarch64.rpm","orc-devel-0.4.32-3.oe2203sp3.aarch64.rpm","orc-help-0.4.32-3.oe2203sp3.aarch64.rpm"],"src":["orc-0.4.32-3.oe2203sp3.src.rpm"],"x86_64":["orc-0.4.32-3.oe2203sp3.x86_64.rpm","orc-compiler-0.4.32-3.oe2203sp3.x86_64.rpm","orc-debuginfo-0.4.32-3.oe2203sp3.x86_64.rpm","orc-debugsource-0.4.32-3.oe2203sp3.x86_64.rpm","orc-devel-0.4.32-3.oe2203sp3.x86_64.rpm","orc-help-0.4.32-3.oe2203sp3.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"orc","purl":"pkg:rpm/openEuler/orc\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.31-2.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["orc-0.4.31-2.oe2003sp4.aarch64.rpm","orc-compiler-0.4.31-2.oe2003sp4.aarch64.rpm","orc-debuginfo-0.4.31-2.oe2003sp4.aarch64.rpm","orc-debugsource-0.4.31-2.oe2003sp4.aarch64.rpm","orc-devel-0.4.31-2.oe2003sp4.aarch64.rpm","orc-help-0.4.31-2.oe2003sp4.aarch64.rpm"],"src":["orc-0.4.31-2.oe2003sp4.src.
rpm"],"x86_64":["orc-0.4.31-2.oe2003sp4.x86_64.rpm","orc-compiler-0.4.31-2.oe2003sp4.x86_64.rpm","orc-debuginfo-0.4.31-2.oe2003sp4.x86_64.rpm","orc-debugsource-0.4.31-2.oe2003sp4.x86_64.rpm","orc-devel-0.4.31-2.oe2003sp4.x86_64.rpm","orc-help-0.4.31-2.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"orc","purl":"pkg:rpm/openEuler/orc\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.32-3.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["orc-0.4.32-3.oe2203sp1.aarch64.rpm","orc-compiler-0.4.32-3.oe2203sp1.aarch64.rpm","orc-debuginfo-0.4.32-3.oe2203sp1.aarch64.rpm","orc-debugsource-0.4.32-3.oe2203sp1.aarch64.rpm","orc-devel-0.4.32-3.oe2203sp1.aarch64.rpm","orc-help-0.4.32-3.oe2203sp1.aarch64.rpm"],"src":["orc-0.4.32-3.oe2203sp1.src.rpm"],"x86_64":["orc-0.4.32-3.oe2203sp1.x86_64.rpm","orc-compiler-0.4.32-3.oe2203sp1.x86_64.rpm","orc-debuginfo-0.4.32-3.oe2203sp1.x86_64.rpm","orc-debugsource-0.4.32-3.oe2203sp1.x86_64.rpm","orc-devel-0.4.32-3.oe2203sp1.x86_64.rpm","orc-help-0.4.32-3.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1975"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40897"}],"database_specific":{"severity":"High"}}