Ubuntu 18.04/16.04: USN-6964-2 critical: ORC code execution
ubuntu
October 1, 2024
ORC could be made to crash or execute arbitrary code
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: ORC could be made to crash or execute arbitrary code Software Description: - orc: Library of Optimized Inner Loops Runtime Compiler Details: USN-6964-1 fixed a vulnerability in ORC. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Noriko Totsuka discovered that ORC incorrectly handled certain specially crafted files. An attacker could possibly use this issue to execute arbitrary code.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS liborc-0.4-0 1:0.4.28-1ubuntu0.1~esm1 Available with Ubuntu Pro liborc-0.4-dev 1:0.4.28-1ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS liborc-0.4-0 1:0.4.25-1ubuntu0.1~esm1 Available with Ubuntu Pro liborc-0.4-dev 1:0.4.25-1ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6964-2
https://ubuntu.com/security/notices/USN-6964-1
CVE-2024-40897
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-6964-2
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!