Advisories » MGASA-2024-0288

Updated orc packages fix security vulnerability

Publication date: 10 Sep 2024
Modification date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-40897

Description

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC
versions prior to 0.4.39. If a developer is tricked to process a
specially crafted file with the affected ORC compiler, an arbitrary code
may be executed on the developer's build environment. This may lead to
compromise of developer machines or CI build environments.
(CVE-2024-40897)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33529
• https://ubuntu.com/security/notices/USN-6964-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40897

SRPMS

9/core

• orc-0.4.33-1.1.mga9