Ubuntu has issued an advisory on August 15: https://ubuntu.com/security/notices/USN-6964-1
Source RPM: (none) => orc-0.4.33-1.mga9.src.rpm
CVE: (none) => CVE-2024-40897
Status comment: (none) => Patch available from Ubuntu
No registered maintainer, so assigning to all.
CC: (none) => marja11
URL: (none) => https://ubuntu.com/security/notices/USN-6964-1
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file with the affected ORC compiler, arbitrary code may be executed in the developer's build environment. This may lead to compromise of developer machines or CI build environments. (CVE-2024-40897)

References:
https://ubuntu.com/security/notices/USN-6964-1
========================

Updated packages in core/updates_testing:
========================
lib(64)orc0.4_0-0.4.33-1.1.mga9
lib(64)orc-devel-0.4.33-1.1.mga9
orc-0.4.33-1.1.mga9

from SRPM:
orc-0.4.33-1.1.mga9.src.rpm
Status comment: Patch available from Ubuntu => (none)
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
Keywords: (none) => advisory
LC_ALL=C urpmi --auto --auto-update
adding 66 new rpms not available in existing hdlist
replacing /var/cache/urpmi/partial/synthesis.hdlist.cz with synthesis.hdlist.cz.tmp
updating /var/cache/urpmi/partial/MD5SUM
updated medium "QA Testing (32-bit)"
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release (distrib1)" is up-to-date
medium "Core Updates (distrib3)" is up-to-date
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
medium "Tainted Updates (distrib23)" is up-to-date
medium "Core 32bit Release (distrib31)" is up-to-date
medium "Core 32bit Updates (distrib32)" is up-to-date
medium "Nonfree 32bit Release (distrib36)" is up-to-date
medium "Tainted 32bit Release (distrib41)" is up-to-date
medium "Tainted 32bit Updates (distrib42)" is up-to-date
installing orc-0.4.33-1.1.mga9.x86_64.rpm lib64orc0.4_0-0.4.33-1.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing... ##################################################################################################
1/2: lib64orc0.4_0 ##################################################################################################
2/2: orc ##################################################################################################
1/2: removing orc-0.4.33-1.mga9.x86_64 ##################################################################################################
2/2: removing lib64orc0.4_0-0.4.33-1.mga9.x86_64 ##################################################################################################

Description : Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Looks like developer territory; giving OK on a base clean install.
Whiteboard: (none) => MGA9-64-OK
CC: (none) => andrewsfarm
Validating.
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0288.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED