Tuesday, September 17, 2024

[USN-7010-1] DCMTK vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7010-1
September 17, 2024

dcmtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in DCMTK.

Software Description:
- dcmtk: OFFIS DICOM toolkit command line utilities

Details:

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If
a user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690)

Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
pointers. If a user or an automated system were tricked into opening a
certain specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-2121)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-43272)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2024-28130)

It was discovered that DCMTK incorrectly handled memory when processing an
invalid incoming DIMSE message. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-34508, CVE-2024-34509)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  dcmtk                           3.6.7-9.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libdcmtk17t64                   3.6.7-9.1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 22.04 LTS
  dcmtk                           3.6.6-5ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libdcmtk16                      3.6.6-5ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  dcmtk                           3.6.4-2.1ubuntu0.1
  libdcmtk14                      3.6.4-2.1ubuntu0.1

Ubuntu 18.04 LTS
  dcmtk                           3.6.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libdcmtk12                      3.6.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  dcmtk                           3.6.1~20150924-5ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libdcmtk5                       3.6.1~20150924-5ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7010-1
  CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690,
  CVE-2022-2121, CVE-2022-43272, CVE-2024-28130, CVE-2024-34508,
  CVE-2024-34509

Package Information:
  https://launchpad.net/ubuntu/+source/dcmtk/3.6.4-2.1ubuntu0.1
