Red Hat Product Errata RHSA-2024:5629 - Security Advisory
Issued:
2024-08-20
Updated:
2024-08-20

RHSA-2024:5629 - Security Advisory

Synopsis

Moderate: orc security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for orc is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Security Fix(es):

  • orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2300010 - CVE-2024-40897 orc: Stack-based buffer overflow vulnerability in ORC

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
orc-0.4.31-7.el9_0.src.rpm SHA-256: f0ef1eb0a0e364e6563d131032f526e920609056216b11cf3997aff708c42e6a
ppc64le
orc-0.4.31-7.el9_0.ppc64le.rpm SHA-256: ac8a1977db8e2e2e6e80982e4f8195c3a0fcd31405857cc7c59bc16759364f48
orc-compiler-0.4.31-7.el9_0.ppc64le.rpm SHA-256: 65dae37f1542870e9a96d6b9bb3f0d7fcd92142a774b0869d78b5967163d1448
orc-compiler-debuginfo-0.4.31-7.el9_0.ppc64le.rpm SHA-256: ccc6da04a7c74090c56e9cdd44c78ef8ca6791a9eab5435e614aadd09ac86654
orc-debuginfo-0.4.31-7.el9_0.ppc64le.rpm SHA-256: f3e95306bb3677e846897a66f870034cca643f0e452d73c5886d452a6915f509
orc-debugsource-0.4.31-7.el9_0.ppc64le.rpm SHA-256: 536ea82b59762f096de30509cd12dd7b2a5822fbf9d6e7c60fd43d8d84c0c1e8
orc-devel-0.4.31-7.el9_0.ppc64le.rpm SHA-256: fbcd66d377f99a42f239d1677244bdc692dc0fba20b64db1494ae16dd2dd9579

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
orc-0.4.31-7.el9_0.src.rpm SHA-256: f0ef1eb0a0e364e6563d131032f526e920609056216b11cf3997aff708c42e6a
x86_64
orc-0.4.31-7.el9_0.i686.rpm SHA-256: 205050d721c2ad436ecdcea221f75c2901c359cece7f3f131b7bdd18a5c9edd2
orc-0.4.31-7.el9_0.x86_64.rpm SHA-256: 1695ef3fd7136c233bb3caeb3fbe178d33138765c42e34ee252185937237f240
orc-compiler-0.4.31-7.el9_0.x86_64.rpm SHA-256: 9f7ae11f83e0722f86fa46a1d65f5cf6fa55623f3db02a3595b81a24efdb02f3
orc-compiler-debuginfo-0.4.31-7.el9_0.i686.rpm SHA-256: 53784a0492c415c52c8ae60b032b576d13234af2b6c272e83f3962a600edd12b
orc-compiler-debuginfo-0.4.31-7.el9_0.x86_64.rpm SHA-256: e93dc3c8647bc30562aa7a4db586fc07c281b9d748559131e3cde4b8b8ecb3e7
orc-debuginfo-0.4.31-7.el9_0.i686.rpm SHA-256: 565954582566aca0e7b2da06e580db45c19ea40aff5c583f2e34e1384c0d338a
orc-debuginfo-0.4.31-7.el9_0.x86_64.rpm SHA-256: 571abb2083567ab09bba15eff19a41c160cb712d0353a2ff72936364600aa505
orc-debugsource-0.4.31-7.el9_0.i686.rpm SHA-256: 9c20bb7f324a07bd1c33fe95e8d795e52f07f80cec6301cfad58a706cabc94db
orc-debugsource-0.4.31-7.el9_0.x86_64.rpm SHA-256: 128955156d1dd0ff72184b2ccb614a7ef4d4c17fbc38442da34777ba385e2f42
orc-devel-0.4.31-7.el9_0.i686.rpm SHA-256: bceaa0074dcb6e12520083805e5d67b239c34704d6ff573b7ff859edd557dea2
orc-devel-0.4.31-7.el9_0.x86_64.rpm SHA-256: 01c7cc74c30a3ba59cac54f7f1d993e251738f520abae8e30a0c517c286b9b93

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
orc-0.4.31-7.el9_0.src.rpm SHA-256: f0ef1eb0a0e364e6563d131032f526e920609056216b11cf3997aff708c42e6a
aarch64
orc-0.4.31-7.el9_0.aarch64.rpm SHA-256: 27614d3ec014bba11a1aab9ba9a1e285c0fccf68126c0c8e21cb265ac083ea0e
orc-compiler-0.4.31-7.el9_0.aarch64.rpm SHA-256: 7dbb895671cfc67b157e5e61543554b80a4e5135e9ce888fd7bb7a736aabb803
orc-compiler-debuginfo-0.4.31-7.el9_0.aarch64.rpm SHA-256: 00a077aa363c0e6f2fbb8e44db70ef780d8ebe8befec4da088d81782a4163290
orc-debuginfo-0.4.31-7.el9_0.aarch64.rpm SHA-256: 1d9b1a70994803c0d5a0a1b25cdc84146644973f7203710a7a22e9374c3efaa4
orc-debugsource-0.4.31-7.el9_0.aarch64.rpm SHA-256: 1b42cb37ac5f9ee40c147176f82a382ca2d6a852f0bca0d371655cc1351be790
orc-devel-0.4.31-7.el9_0.aarch64.rpm SHA-256: 66a9ddb772209c461ccb10d249e49219342add18abfe173856073cd9d187d955

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
orc-0.4.31-7.el9_0.src.rpm SHA-256: f0ef1eb0a0e364e6563d131032f526e920609056216b11cf3997aff708c42e6a
s390x
orc-0.4.31-7.el9_0.s390x.rpm SHA-256: 6365f25d9a1b3bc9c35c229ac35499c40c15a2105fbcebe68f911129d9710915
orc-compiler-0.4.31-7.el9_0.s390x.rpm SHA-256: f4d42ba7c7c03c5872a21e29f1b0fb0ac5374da039bf5eed59bd61c518c9acce
orc-compiler-debuginfo-0.4.31-7.el9_0.s390x.rpm SHA-256: 5278d15f578a12e05794e04259be44dbe6bd46eae34d88860396afcaabcefedc
orc-debuginfo-0.4.31-7.el9_0.s390x.rpm SHA-256: 985884c688a7c95bc4cdf4dbcd39122e06475c153053863c1d155170bf77d7c1
orc-debugsource-0.4.31-7.el9_0.s390x.rpm SHA-256: da86d2f4521083d2216f11f26c157c93a09666136001d5d45ca11b4fe728dd93
orc-devel-0.4.31-7.el9_0.s390x.rpm SHA-256: d6bc8c9e982b24fc507cc1076db8889fb920c8d0b07be78b8446f459e20f65dc

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.