liborc-0_4-0-0.4.39-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14216-1 Final 1 1 2024-07-24T00:00:00Z current 2024-07-24T00:00:00Z 2024-07-24T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z liborc-0_4-0-0.4.39-1.1 on GA media These are all security issues fixed in the liborc-0_4-0-0.4.39-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14216 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-40897/ SUSE CVE CVE-2024-40897 page openSUSE Tumbleweed liborc-0_4-0-0.4.39-1.1 liborc-0_4-0-32bit-0.4.39-1.1 orc-0.4.39-1.1 orc-doc-0.4.39-1.1 liborc-0_4-0-0.4.39-1.1 as a component of openSUSE Tumbleweed liborc-0_4-0-32bit-0.4.39-1.1 as a component of openSUSE Tumbleweed orc-0.4.39-1.1 as a component of openSUSE Tumbleweed orc-doc-0.4.39-1.1 as a component of openSUSE Tumbleweed Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. CVE-2024-40897 openSUSE Tumbleweed:liborc-0_4-0-0.4.39-1.1 openSUSE Tumbleweed:liborc-0_4-0-32bit-0.4.39-1.1 openSUSE Tumbleweed:orc-0.4.39-1.1 openSUSE Tumbleweed:orc-doc-0.4.39-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-40897.html CVE-2024-40897 https://bugzilla.suse.com/1228184 SUSE Bug 1228184