Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

Mageia 9 MGASA-2024-0288 Critical: ORC Buffer Overflow Threat

mageia
Calendar Grey September 10, 2024
Scroller Mageia Esm H88
A stack-related buffer overflow issue in ORC poses a risk of unauthorized code execution that may compromise system integrity. Urgent patches are advised.
Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39

Summary

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. (CVE-2024-40897)

References

- https://bugs.mageia.org/show_bug.cgi?id=33529

- https://ubuntu.com/security/notices/USN-6964-1

- https://www.cve.org/CVERecord?id=CVE-2024-40897

Resolution

SRPMS

- 9/core/orc-0.4.33-1.1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 10 Sep 2024
URL: https://advisories.mageia.org/MGASA-2024-0288.html
Type: security
CVE: CVE-2024-40897

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.