orc-0.4.26-1.0.1.el7.AXS7
エラータID: AXSA:2024-8902:03
Release date:
Wednesday, October 16, 2024 - 15:22
Subject:
orc-0.4.26-1.0.1.el7.AXS7
Affected Channels:
Asianux Server 7 for x86_64
Severity:
High
Description:
Orc is a library and set of tools for compiling and executing very simple
programs that operate on arrays of data. The "language" is a generic assembly
language that represents many of the features available in SIMD architectures,
including saturated addition and subtraction, and many arithmetic operations.
Security Fix(es):
* CVE-2024-40897: fix stack buffer overflow while construct error messages
* Disable gtk-doc building due lack of gtkdoc-mktmpl command in
gtk-doc-1.28-2.el7
CVE(s):
CVE-2024-40897
Solution:
Update packages.
CVEs:
CVE-2024-40897
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.
Additional Info:
N/A
Download:
SRPMS
- orc-0.4.26-1.0.1.el7.AXS7.src.rpm not found
Asianux Server 7 for x86_64
- orc-0.4.26-1.0.1.el7.AXS7.i686.rpm
MD5: a0ff0c6289ce3ab19dcc3b6bec511627
SHA-256: 0318801b2bd07ceaf4f3a6e96948faf1fe368958e1251e516797e5fb2503d069
Size: 170.68 kB - orc-0.4.26-1.0.1.el7.AXS7.x86_64.rpm
MD5: fc0317eb1fae5771015f63eede73d815
SHA-256: 5844600f42048698744e95029250b935db4c6a8f8da9b74585ae5b9c01487f92
Size: 165.60 kB
日本語