Amazon Linux 2023 Security Advisory: ALAS-2024-728
Advisory Release Date: 2024-10-10 03:02 Pacific
Advisory Updated Date: 2024-10-14 16:00 Pacific
Severity:
Medium
Issue Overview:
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. (CVE-2024-40897)
Affected Packages:
orc
Issue Correction:
Run dnf update orc --releasever 2023.6.20241010 to update your system.
New Packages:
aarch64:
orc-debuginfo-0.4.31-4.amzn2023.0.4.aarch64
orc-devel-0.4.31-4.amzn2023.0.4.aarch64
orc-compiler-0.4.31-4.amzn2023.0.4.aarch64
orc-0.4.31-4.amzn2023.0.4.aarch64
orc-compiler-debuginfo-0.4.31-4.amzn2023.0.4.aarch64
orc-debugsource-0.4.31-4.amzn2023.0.4.aarch64
noarch:
orc-doc-0.4.31-4.amzn2023.0.4.noarch
src:
orc-0.4.31-4.amzn2023.0.4.src
x86_64:
orc-compiler-0.4.31-4.amzn2023.0.4.x86_64
orc-devel-0.4.31-4.amzn2023.0.4.x86_64
orc-compiler-debuginfo-0.4.31-4.amzn2023.0.4.x86_64
orc-0.4.31-4.amzn2023.0.4.x86_64
orc-debugsource-0.4.31-4.amzn2023.0.4.x86_64
orc-debuginfo-0.4.31-4.amzn2023.0.4.x86_64