OESA-2024-1975
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1975
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2024-1975.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2024-1975
- Upstream
- Published
- 2024-08-09T11:08:47Z
- Modified
- 2025-09-03T06:20:25.336627Z
- Summary
- orc security update
- Details
-
Orc is the sucessor to Liboil - The Library of Optimized Inner Loops. Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.
Security Fix(es):
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments.(CVE-2024-40897)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS / orc
Package
- Name
- orc
- Purl
- pkg:rpm/openEuler/orc&distro=openEuler-24.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.34-2.oe2403
Ecosystem specific
{
"aarch64": [
"orc-0.4.34-2.oe2403.aarch64.rpm",
"orc-compiler-0.4.34-2.oe2403.aarch64.rpm",
"orc-debuginfo-0.4.34-2.oe2403.aarch64.rpm",
"orc-debugsource-0.4.34-2.oe2403.aarch64.rpm",
"orc-devel-0.4.34-2.oe2403.aarch64.rpm",
"orc-help-0.4.34-2.oe2403.aarch64.rpm"
],
"src": [
"orc-0.4.34-2.oe2403.src.rpm"
],
"x86_64": [
"orc-0.4.34-2.oe2403.x86_64.rpm",
"orc-compiler-0.4.34-2.oe2403.x86_64.rpm",
"orc-debuginfo-0.4.34-2.oe2403.x86_64.rpm",
"orc-debugsource-0.4.34-2.oe2403.x86_64.rpm",
"orc-devel-0.4.34-2.oe2403.x86_64.rpm",
"orc-help-0.4.34-2.oe2403.x86_64.rpm"
]
}
openEuler:22.03-LTS-SP4 / orc
Package
- Name
- orc
- Purl
- pkg:rpm/openEuler/orc&distro=openEuler-22.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.32-3.oe2203sp4
Ecosystem specific
{
"aarch64": [
"orc-0.4.32-3.oe2203sp4.aarch64.rpm",
"orc-compiler-0.4.32-3.oe2203sp4.aarch64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp4.aarch64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp4.aarch64.rpm",
"orc-devel-0.4.32-3.oe2203sp4.aarch64.rpm",
"orc-help-0.4.32-3.oe2203sp4.aarch64.rpm"
],
"src": [
"orc-0.4.32-3.oe2203sp4.src.rpm"
],
"x86_64": [
"orc-0.4.32-3.oe2203sp4.x86_64.rpm",
"orc-compiler-0.4.32-3.oe2203sp4.x86_64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp4.x86_64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp4.x86_64.rpm",
"orc-devel-0.4.32-3.oe2203sp4.x86_64.rpm",
"orc-help-0.4.32-3.oe2203sp4.x86_64.rpm"
]
}
openEuler:22.03-LTS-SP3 / orc
Package
- Name
- orc
- Purl
- pkg:rpm/openEuler/orc&distro=openEuler-22.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.32-3.oe2203sp3
Ecosystem specific
{
"aarch64": [
"orc-0.4.32-3.oe2203sp3.aarch64.rpm",
"orc-compiler-0.4.32-3.oe2203sp3.aarch64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp3.aarch64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp3.aarch64.rpm",
"orc-devel-0.4.32-3.oe2203sp3.aarch64.rpm",
"orc-help-0.4.32-3.oe2203sp3.aarch64.rpm"
],
"src": [
"orc-0.4.32-3.oe2203sp3.src.rpm"
],
"x86_64": [
"orc-0.4.32-3.oe2203sp3.x86_64.rpm",
"orc-compiler-0.4.32-3.oe2203sp3.x86_64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp3.x86_64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp3.x86_64.rpm",
"orc-devel-0.4.32-3.oe2203sp3.x86_64.rpm",
"orc-help-0.4.32-3.oe2203sp3.x86_64.rpm"
]
}
openEuler:20.03-LTS-SP4 / orc
Package
- Name
- orc
- Purl
- pkg:rpm/openEuler/orc&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.31-2.oe2003sp4
Ecosystem specific
{
"aarch64": [
"orc-0.4.31-2.oe2003sp4.aarch64.rpm",
"orc-compiler-0.4.31-2.oe2003sp4.aarch64.rpm",
"orc-debuginfo-0.4.31-2.oe2003sp4.aarch64.rpm",
"orc-debugsource-0.4.31-2.oe2003sp4.aarch64.rpm",
"orc-devel-0.4.31-2.oe2003sp4.aarch64.rpm",
"orc-help-0.4.31-2.oe2003sp4.aarch64.rpm"
],
"src": [
"orc-0.4.31-2.oe2003sp4.src.rpm"
],
"x86_64": [
"orc-0.4.31-2.oe2003sp4.x86_64.rpm",
"orc-compiler-0.4.31-2.oe2003sp4.x86_64.rpm",
"orc-debuginfo-0.4.31-2.oe2003sp4.x86_64.rpm",
"orc-debugsource-0.4.31-2.oe2003sp4.x86_64.rpm",
"orc-devel-0.4.31-2.oe2003sp4.x86_64.rpm",
"orc-help-0.4.31-2.oe2003sp4.x86_64.rpm"
]
}
openEuler:22.03-LTS-SP1 / orc
Package
- Name
- orc
- Purl
- pkg:rpm/openEuler/orc&distro=openEuler-22.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.4.32-3.oe2203sp1
Ecosystem specific
{
"aarch64": [
"orc-0.4.32-3.oe2203sp1.aarch64.rpm",
"orc-compiler-0.4.32-3.oe2203sp1.aarch64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp1.aarch64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp1.aarch64.rpm",
"orc-devel-0.4.32-3.oe2203sp1.aarch64.rpm",
"orc-help-0.4.32-3.oe2203sp1.aarch64.rpm"
],
"src": [
"orc-0.4.32-3.oe2203sp1.src.rpm"
],
"x86_64": [
"orc-0.4.32-3.oe2203sp1.x86_64.rpm",
"orc-compiler-0.4.32-3.oe2203sp1.x86_64.rpm",
"orc-debuginfo-0.4.32-3.oe2203sp1.x86_64.rpm",
"orc-debugsource-0.4.32-3.oe2203sp1.x86_64.rpm",
"orc-devel-0.4.32-3.oe2203sp1.x86_64.rpm",
"orc-help-0.4.32-3.oe2203sp1.x86_64.rpm"
]
}