An update for orc is now available for openEuler-24.03-LTS, openEuler-22.03-LTS-SP4, openEuler-22.03-LTS-SP3, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1975
Final 1.0
1.0 2024-08-09 Initial
2024-08-09 2024-08-09
openEuler SA Tool V1.0 2024-08-09

orc security update

An update for orc is now available for openEuler-24.03-LTS, openEuler-22.03-LTS-SP4, openEuler-22.03-LTS-SP3, openEuler-20.03-LTS-SP4, openEuler-22.03-LTS-SP1

Orc is the successor to Liboil - The Library of Optimized Inner Loops. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Security Fix(es):

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. (CVE-2024-40897)

An update for orc is now available for openEuler-24.03-LTS.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High orc

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1975
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-40897
https://nvd.nist.gov/vuln/detail/CVE-2024-40897

openEuler-24.03-LTS
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP1

orc-0.4.34-2.oe2403.src.rpm
orc-0.4.32-3.oe2203sp4.src.rpm
orc-0.4.32-3.oe2203sp3.src.rpm
orc-0.4.31-2.oe2003sp4.src.rpm
orc-0.4.32-3.oe2203sp1.src.rpm

orc-0.4.34-2.oe2403.x86_64.rpm
orc-compiler-0.4.34-2.oe2403.x86_64.rpm
orc-debuginfo-0.4.34-2.oe2403.x86_64.rpm
orc-debugsource-0.4.34-2.oe2403.x86_64.rpm
orc-devel-0.4.34-2.oe2403.x86_64.rpm
orc-help-0.4.34-2.oe2403.x86_64.rpm
orc-0.4.32-3.oe2203sp4.x86_64.rpm
orc-compiler-0.4.32-3.oe2203sp4.x86_64.rpm
orc-debuginfo-0.4.32-3.oe2203sp4.x86_64.rpm
orc-debugsource-0.4.32-3.oe2203sp4.x86_64.rpm
orc-devel-0.4.32-3.oe2203sp4.x86_64.rpm
orc-help-0.4.32-3.oe2203sp4.x86_64.rpm
orc-0.4.32-3.oe2203sp3.x86_64.rpm
orc-compiler-0.4.32-3.oe2203sp3.x86_64.rpm
orc-debuginfo-0.4.32-3.oe2203sp3.x86_64.rpm
orc-debugsource-0.4.32-3.oe2203sp3.x86_64.rpm
orc-devel-0.4.32-3.oe2203sp3.x86_64.rpm
orc-help-0.4.32-3.oe2203sp3.x86_64.rpm
orc-0.4.31-2.oe2003sp4.x86_64.rpm
orc-compiler-0.4.31-2.oe2003sp4.x86_64.rpm
orc-debuginfo-0.4.31-2.oe2003sp4.x86_64.rpm
orc-debugsource-0.4.31-2.oe2003sp4.x86_64.rpm
orc-devel-0.4.31-2.oe2003sp4.x86_64.rpm
orc-help-0.4.31-2.oe2003sp4.x86_64.rpm
orc-0.4.32-3.oe2203sp1.x86_64.rpm
orc-compiler-0.4.32-3.oe2203sp1.x86_64.rpm
orc-debuginfo-0.4.32-3.oe2203sp1.x86_64.rpm
orc-debugsource-0.4.32-3.oe2203sp1.x86_64.rpm
orc-devel-0.4.32-3.oe2203sp1.x86_64.rpm
orc-help-0.4.32-3.oe2203sp1.x86_64.rpm

orc-0.4.34-2.oe2403.aarch64.rpm
orc-compiler-0.4.34-2.oe2403.aarch64.rpm
orc-debuginfo-0.4.34-2.oe2403.aarch64.rpm
orc-debugsource-0.4.34-2.oe2403.aarch64.rpm
orc-devel-0.4.34-2.oe2403.aarch64.rpm
orc-help-0.4.34-2.oe2403.aarch64.rpm
orc-0.4.32-3.oe2203sp4.aarch64.rpm
orc-compiler-0.4.32-3.oe2203sp4.aarch64.rpm
orc-debuginfo-0.4.32-3.oe2203sp4.aarch64.rpm
orc-debugsource-0.4.32-3.oe2203sp4.aarch64.rpm
orc-devel-0.4.32-3.oe2203sp4.aarch64.rpm
orc-help-0.4.32-3.oe2203sp4.aarch64.rpm
orc-0.4.32-3.oe2203sp3.aarch64.rpm
orc-compiler-0.4.32-3.oe2203sp3.aarch64.rpm
orc-debuginfo-0.4.32-3.oe2203sp3.aarch64.rpm
orc-debugsource-0.4.32-3.oe2203sp3.aarch64.rpm
orc-devel-0.4.32-3.oe2203sp3.aarch64.rpm
orc-help-0.4.32-3.oe2203sp3.aarch64.rpm
orc-0.4.31-2.oe2003sp4.aarch64.rpm
orc-compiler-0.4.31-2.oe2003sp4.aarch64.rpm
orc-debuginfo-0.4.31-2.oe2003sp4.aarch64.rpm
orc-debugsource-0.4.31-2.oe2003sp4.aarch64.rpm
orc-devel-0.4.31-2.oe2003sp4.aarch64.rpm
orc-help-0.4.31-2.oe2003sp4.aarch64.rpm
orc-0.4.32-3.oe2203sp1.aarch64.rpm
orc-compiler-0.4.32-3.oe2203sp1.aarch64.rpm
orc-debuginfo-0.4.32-3.oe2203sp1.aarch64.rpm
orc-debugsource-0.4.32-3.oe2203sp1.aarch64.rpm
orc-devel-0.4.32-3.oe2203sp1.aarch64.rpm
orc-help-0.4.32-3.oe2203sp1.aarch64.rpm

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.

2024-08-09
CVE-2024-40897

openEuler-24.03-LTS
openEuler-22.03-LTS-SP4
openEuler-22.03-LTS-SP3
openEuler-20.03-LTS-SP4
openEuler-22.03-LTS-SP1

High 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

orc security update 2024-08-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1975