Red Hat Product Errata RHSA-2024:5638 - Security Advisory
Issued:
2024-08-20
Updated:
2024-08-20

RHSA-2024:5638 - Security Advisory

Synopsis

Moderate: orc:0.4.31 security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the orc:0.4.31 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Orc is a library and set of tools for compiling and executing very simple programs that operate on arrays of data. The "language" is a generic assembly language that represents many of the features available in SIMD architectures, including saturated addition and subtraction, and many arithmetic operations.

Security Fix(es):

  • orc: Stack-based buffer overflow vulnerability in ORC (CVE-2024-40897)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2300010 - CVE-2024-40897 orc: Stack-based buffer overflow vulnerability in ORC

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
x86_64
orc-0.4.31-7.el9_2.i686.rpm SHA-256: 58e59b2e3e650e600e928eead579c9680654224e6cf9397f28d4aba664cab518
orc-0.4.31-7.el9_2.x86_64.rpm SHA-256: 4821b030eac9b88167d0f1c70f3aab80374ba29651b8dc5c54936d54c42cc729
orc-compiler-0.4.31-7.el9_2.x86_64.rpm SHA-256: d3bfb2c5c28fb0318059bcdd90daec30bfd41e9d45fe8f777870b08919667c67
orc-compiler-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: 9b31ddc03b5b197f302395752c5acd6717ea211741b4552724aff78f96357326
orc-compiler-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: 03a53ffc70bb12241582d657849ed0c6478c5b3acac288f04c2bc0817d06fda4
orc-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: cab40a8bb2d1bb98691797428f75b29c70c77e9dd339a259778f801aafa95282
orc-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: bc050eb89860ebc364ed9f6433acb06c3ba747dc502aba76c005f9b69fbedfb2
orc-debugsource-0.4.31-7.el9_2.i686.rpm SHA-256: 020f95afa249dbb501057769cea40d55fd0e3cb69987ea4ddac96d6bcbadb54c
orc-debugsource-0.4.31-7.el9_2.x86_64.rpm SHA-256: 38b48c04f966f6de1ff360500b035d60182d36811aa27c2b6cc79115b9e0407a
orc-devel-0.4.31-7.el9_2.i686.rpm SHA-256: 94ebb3dbb4e3d6c6f67f64dfe26b824a03454ebf493767f14c8f88999d40959b
orc-devel-0.4.31-7.el9_2.x86_64.rpm SHA-256: 74a5c2f6699d407205dbadf02e29760620c540e3393b8f4ce7a5b8636d25661d

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
x86_64
orc-0.4.31-7.el9_2.i686.rpm SHA-256: 58e59b2e3e650e600e928eead579c9680654224e6cf9397f28d4aba664cab518
orc-0.4.31-7.el9_2.x86_64.rpm SHA-256: 4821b030eac9b88167d0f1c70f3aab80374ba29651b8dc5c54936d54c42cc729
orc-compiler-0.4.31-7.el9_2.x86_64.rpm SHA-256: d3bfb2c5c28fb0318059bcdd90daec30bfd41e9d45fe8f777870b08919667c67
orc-compiler-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: 9b31ddc03b5b197f302395752c5acd6717ea211741b4552724aff78f96357326
orc-compiler-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: 03a53ffc70bb12241582d657849ed0c6478c5b3acac288f04c2bc0817d06fda4
orc-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: cab40a8bb2d1bb98691797428f75b29c70c77e9dd339a259778f801aafa95282
orc-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: bc050eb89860ebc364ed9f6433acb06c3ba747dc502aba76c005f9b69fbedfb2
orc-debugsource-0.4.31-7.el9_2.i686.rpm SHA-256: 020f95afa249dbb501057769cea40d55fd0e3cb69987ea4ddac96d6bcbadb54c
orc-debugsource-0.4.31-7.el9_2.x86_64.rpm SHA-256: 38b48c04f966f6de1ff360500b035d60182d36811aa27c2b6cc79115b9e0407a
orc-devel-0.4.31-7.el9_2.i686.rpm SHA-256: 94ebb3dbb4e3d6c6f67f64dfe26b824a03454ebf493767f14c8f88999d40959b
orc-devel-0.4.31-7.el9_2.x86_64.rpm SHA-256: 74a5c2f6699d407205dbadf02e29760620c540e3393b8f4ce7a5b8636d25661d

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
s390x
orc-0.4.31-7.el9_2.s390x.rpm SHA-256: ea292587a135b9a97aaeec41cea07b523cc766bccefeaaa8479e5a40d6696f65
orc-compiler-0.4.31-7.el9_2.s390x.rpm SHA-256: 97409ebb67c7e4c9b6d1144a6632f591f18f22954a157f4c31259327cbbfc112
orc-compiler-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: 082f74258ddbd883c35768aa9a013bc835c99f26a65da372e193f03bb13c15db
orc-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: ace0bf3ea134d66c2d59c186f3b45f43d156579fc90b4d52c71e6cf153d89cc0
orc-debugsource-0.4.31-7.el9_2.s390x.rpm SHA-256: 82937c62cc3069df3d9190d2df18d3393f21772e688f48c0d122d6b68c9201bb
orc-devel-0.4.31-7.el9_2.s390x.rpm SHA-256: 12bd664d776af5d4fd442aa7264ff4933b14cac5fe373b6abea7e9728c7544a2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
ppc64le
orc-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7851ebd4ed6848f2a5932633e0328bb868950caeec3f9d2ff6d1b8b64ec6d221
orc-compiler-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6a286406ce7ce83aeac7977ff4e13b5bb9954146126467eb0b91a9fee58e5cdd
orc-compiler-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: e920c2acdefbfa2170ab2a64e635d749d2825a0732478c8f385a68bc49cd7eb7
orc-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7d42d4820575adf130712039a36b9c122241aede868f3e34540ab5c64d7ceb88
orc-debugsource-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6bbba210036ae4ba064964ad1dec44ba4a8ee4305c0a9adac968ca7cd038ae58
orc-devel-0.4.31-7.el9_2.ppc64le.rpm SHA-256: bc75882603472c432e6d30ddc2a7e209dc79d5354ef02c65e96f052b2147689e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
aarch64
orc-0.4.31-7.el9_2.aarch64.rpm SHA-256: d34cde491a3ae3349e33e3ae4948b06d071d9b983274dbf328347c2868d45ca1
orc-compiler-0.4.31-7.el9_2.aarch64.rpm SHA-256: 1888178c67bd626b6fd1d687212ad6af665ff051c91156503b9fbda4d0297b13
orc-compiler-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 2737770efea494cdf8b8e963a7edd3e0ced6c95f4e318bfbced746c4788a83e7
orc-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 3872149d36012ee7829c6ed72055973cd078f8fb726ba0b3afa60b6b5dc80a56
orc-debugsource-0.4.31-7.el9_2.aarch64.rpm SHA-256: 8412d63d666ab2baf1d60dfb3f5278052174d08ea9f05802b24b82367cf1cd7c
orc-devel-0.4.31-7.el9_2.aarch64.rpm SHA-256: d9e3fa47565a20d499d5da60b934904502038cbb269b25d680f854ad16b39130

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
ppc64le
orc-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7851ebd4ed6848f2a5932633e0328bb868950caeec3f9d2ff6d1b8b64ec6d221
orc-compiler-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6a286406ce7ce83aeac7977ff4e13b5bb9954146126467eb0b91a9fee58e5cdd
orc-compiler-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: e920c2acdefbfa2170ab2a64e635d749d2825a0732478c8f385a68bc49cd7eb7
orc-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7d42d4820575adf130712039a36b9c122241aede868f3e34540ab5c64d7ceb88
orc-debugsource-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6bbba210036ae4ba064964ad1dec44ba4a8ee4305c0a9adac968ca7cd038ae58
orc-devel-0.4.31-7.el9_2.ppc64le.rpm SHA-256: bc75882603472c432e6d30ddc2a7e209dc79d5354ef02c65e96f052b2147689e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
x86_64
orc-0.4.31-7.el9_2.i686.rpm SHA-256: 58e59b2e3e650e600e928eead579c9680654224e6cf9397f28d4aba664cab518
orc-0.4.31-7.el9_2.x86_64.rpm SHA-256: 4821b030eac9b88167d0f1c70f3aab80374ba29651b8dc5c54936d54c42cc729
orc-compiler-0.4.31-7.el9_2.x86_64.rpm SHA-256: d3bfb2c5c28fb0318059bcdd90daec30bfd41e9d45fe8f777870b08919667c67
orc-compiler-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: 9b31ddc03b5b197f302395752c5acd6717ea211741b4552724aff78f96357326
orc-compiler-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: 03a53ffc70bb12241582d657849ed0c6478c5b3acac288f04c2bc0817d06fda4
orc-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: cab40a8bb2d1bb98691797428f75b29c70c77e9dd339a259778f801aafa95282
orc-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: bc050eb89860ebc364ed9f6433acb06c3ba747dc502aba76c005f9b69fbedfb2
orc-debugsource-0.4.31-7.el9_2.i686.rpm SHA-256: 020f95afa249dbb501057769cea40d55fd0e3cb69987ea4ddac96d6bcbadb54c
orc-debugsource-0.4.31-7.el9_2.x86_64.rpm SHA-256: 38b48c04f966f6de1ff360500b035d60182d36811aa27c2b6cc79115b9e0407a
orc-devel-0.4.31-7.el9_2.i686.rpm SHA-256: 94ebb3dbb4e3d6c6f67f64dfe26b824a03454ebf493767f14c8f88999d40959b
orc-devel-0.4.31-7.el9_2.x86_64.rpm SHA-256: 74a5c2f6699d407205dbadf02e29760620c540e3393b8f4ce7a5b8636d25661d

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
aarch64
orc-0.4.31-7.el9_2.aarch64.rpm SHA-256: d34cde491a3ae3349e33e3ae4948b06d071d9b983274dbf328347c2868d45ca1
orc-compiler-0.4.31-7.el9_2.aarch64.rpm SHA-256: 1888178c67bd626b6fd1d687212ad6af665ff051c91156503b9fbda4d0297b13
orc-compiler-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 2737770efea494cdf8b8e963a7edd3e0ced6c95f4e318bfbced746c4788a83e7
orc-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 3872149d36012ee7829c6ed72055973cd078f8fb726ba0b3afa60b6b5dc80a56
orc-debugsource-0.4.31-7.el9_2.aarch64.rpm SHA-256: 8412d63d666ab2baf1d60dfb3f5278052174d08ea9f05802b24b82367cf1cd7c
orc-devel-0.4.31-7.el9_2.aarch64.rpm SHA-256: d9e3fa47565a20d499d5da60b934904502038cbb269b25d680f854ad16b39130

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
s390x
orc-0.4.31-7.el9_2.s390x.rpm SHA-256: ea292587a135b9a97aaeec41cea07b523cc766bccefeaaa8479e5a40d6696f65
orc-compiler-0.4.31-7.el9_2.s390x.rpm SHA-256: 97409ebb67c7e4c9b6d1144a6632f591f18f22954a157f4c31259327cbbfc112
orc-compiler-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: 082f74258ddbd883c35768aa9a013bc835c99f26a65da372e193f03bb13c15db
orc-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: ace0bf3ea134d66c2d59c186f3b45f43d156579fc90b4d52c71e6cf153d89cc0
orc-debugsource-0.4.31-7.el9_2.s390x.rpm SHA-256: 82937c62cc3069df3d9190d2df18d3393f21772e688f48c0d122d6b68c9201bb
orc-devel-0.4.31-7.el9_2.s390x.rpm SHA-256: 12bd664d776af5d4fd442aa7264ff4933b14cac5fe373b6abea7e9728c7544a2

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
x86_64
orc-0.4.31-7.el9_2.i686.rpm SHA-256: 58e59b2e3e650e600e928eead579c9680654224e6cf9397f28d4aba664cab518
orc-0.4.31-7.el9_2.x86_64.rpm SHA-256: 4821b030eac9b88167d0f1c70f3aab80374ba29651b8dc5c54936d54c42cc729
orc-compiler-0.4.31-7.el9_2.x86_64.rpm SHA-256: d3bfb2c5c28fb0318059bcdd90daec30bfd41e9d45fe8f777870b08919667c67
orc-compiler-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: 9b31ddc03b5b197f302395752c5acd6717ea211741b4552724aff78f96357326
orc-compiler-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: 03a53ffc70bb12241582d657849ed0c6478c5b3acac288f04c2bc0817d06fda4
orc-debuginfo-0.4.31-7.el9_2.i686.rpm SHA-256: cab40a8bb2d1bb98691797428f75b29c70c77e9dd339a259778f801aafa95282
orc-debuginfo-0.4.31-7.el9_2.x86_64.rpm SHA-256: bc050eb89860ebc364ed9f6433acb06c3ba747dc502aba76c005f9b69fbedfb2
orc-debugsource-0.4.31-7.el9_2.i686.rpm SHA-256: 020f95afa249dbb501057769cea40d55fd0e3cb69987ea4ddac96d6bcbadb54c
orc-debugsource-0.4.31-7.el9_2.x86_64.rpm SHA-256: 38b48c04f966f6de1ff360500b035d60182d36811aa27c2b6cc79115b9e0407a
orc-devel-0.4.31-7.el9_2.i686.rpm SHA-256: 94ebb3dbb4e3d6c6f67f64dfe26b824a03454ebf493767f14c8f88999d40959b
orc-devel-0.4.31-7.el9_2.x86_64.rpm SHA-256: 74a5c2f6699d407205dbadf02e29760620c540e3393b8f4ce7a5b8636d25661d

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
aarch64
orc-0.4.31-7.el9_2.aarch64.rpm SHA-256: d34cde491a3ae3349e33e3ae4948b06d071d9b983274dbf328347c2868d45ca1
orc-compiler-0.4.31-7.el9_2.aarch64.rpm SHA-256: 1888178c67bd626b6fd1d687212ad6af665ff051c91156503b9fbda4d0297b13
orc-compiler-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 2737770efea494cdf8b8e963a7edd3e0ced6c95f4e318bfbced746c4788a83e7
orc-debuginfo-0.4.31-7.el9_2.aarch64.rpm SHA-256: 3872149d36012ee7829c6ed72055973cd078f8fb726ba0b3afa60b6b5dc80a56
orc-debugsource-0.4.31-7.el9_2.aarch64.rpm SHA-256: 8412d63d666ab2baf1d60dfb3f5278052174d08ea9f05802b24b82367cf1cd7c
orc-devel-0.4.31-7.el9_2.aarch64.rpm SHA-256: d9e3fa47565a20d499d5da60b934904502038cbb269b25d680f854ad16b39130

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
ppc64le
orc-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7851ebd4ed6848f2a5932633e0328bb868950caeec3f9d2ff6d1b8b64ec6d221
orc-compiler-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6a286406ce7ce83aeac7977ff4e13b5bb9954146126467eb0b91a9fee58e5cdd
orc-compiler-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: e920c2acdefbfa2170ab2a64e635d749d2825a0732478c8f385a68bc49cd7eb7
orc-debuginfo-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 7d42d4820575adf130712039a36b9c122241aede868f3e34540ab5c64d7ceb88
orc-debugsource-0.4.31-7.el9_2.ppc64le.rpm SHA-256: 6bbba210036ae4ba064964ad1dec44ba4a8ee4305c0a9adac968ca7cd038ae58
orc-devel-0.4.31-7.el9_2.ppc64le.rpm SHA-256: bc75882603472c432e6d30ddc2a7e209dc79d5354ef02c65e96f052b2147689e

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
orc-0.4.31-7.el9_2.src.rpm SHA-256: 128250e7e053c08006b56a9a93ebe94edde3ecbf3d2eb0ad9314da7860f64d48
s390x
orc-0.4.31-7.el9_2.s390x.rpm SHA-256: ea292587a135b9a97aaeec41cea07b523cc766bccefeaaa8479e5a40d6696f65
orc-compiler-0.4.31-7.el9_2.s390x.rpm SHA-256: 97409ebb67c7e4c9b6d1144a6632f591f18f22954a157f4c31259327cbbfc112
orc-compiler-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: 082f74258ddbd883c35768aa9a013bc835c99f26a65da372e193f03bb13c15db
orc-debuginfo-0.4.31-7.el9_2.s390x.rpm SHA-256: ace0bf3ea134d66c2d59c186f3b45f43d156579fc90b4d52c71e6cf153d89cc0
orc-debugsource-0.4.31-7.el9_2.s390x.rpm SHA-256: 82937c62cc3069df3d9190d2df18d3393f21772e688f48c0d122d6b68c9201bb
orc-devel-0.4.31-7.el9_2.s390x.rpm SHA-256: 12bd664d776af5d4fd442aa7264ff4933b14cac5fe373b6abea7e9728c7544a2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.