openSUSE-SU-2022:10144-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10144-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:10144-1
Related
Published
2022-10-12T15:35:18Z
Modified
2022-10-12T15:35:18Z
Summary
Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer
Details

This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues:

Changes in gdcm:

  • Provides/obsoletes moved to lbgdcm-package (Thx DimStar)
  • rename of gdcm-libgdcm30 to libgdcm30 (proposal S. Brüns)

  • version 3.0.18

    no changelog

  • version 3.0.12

    • support for poppler 22.03 added
  • version 3.0.11

    • Fix for a significant issue with JPEG-LS and RGB color space
    • tons of small bug fixes
  • version 3.0.10 (no changelog)

Changes in orthanc-gdcm:

  • changed dependency gdcm-libgdcm30 -> libgdcm30

  • Version 1.5

  • Take the configuration option 'RestrictTransferSyntaxes' into account not only for decoding, but also for transcoding

  • Upgrade to GDCM 3.0.10 for static builds

Changes in orthanc:

  • version 1.11.2

    • Added support for RGBA64 images in tools/create-dicom and /preview
    • New configuration 'MaximumStorageMode' to choose between recycling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached.
    • New sample plugin: 'DelayedDeletion' that will delete files from disk asynchronously to speed up deletion of large studies.
    • Lua: new 'SetHttpTimeout' function
    • Lua: new 'OnHeartBeat' callback called at regular interval provided that you have configured 'LuaHeartBeatPeriod' > 0.
    • 'ExtraMainDicomTags' configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata 'MainDicomSequences'. This should improve DicomWeb QIDO-RS and avoid warnings like 'Accessing Dicom tags from storage when accessing series : 0040,0275'. Main dicom sequences can now be returned in 'MainDicomTags' and in 'RequestedTags'.
    • Fix the 'Never' option of the 'StorageAccessOnFind' that was still accessing files (bug introduced in 1.11.0).
    • Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
    • Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin '/rendered' route performance issues.
    • DelayedDeletion plugin: Fix leaking of symbols
    • SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives.
    • Fix static compilation of boost 1.69 on Ubuntu 22.04
    • Upgraded dependencies for static builds:
      • boost 1.80.0
      • dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
      • openssl 3.0.5
    • Housekeeper plugin: Fix resume of previous processing
    • Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts()
    • Improved HttpClient error logging (add method + url)
    • API version upgraded to 18
    • /system is now reporting 'DatabaseServerIdentifier'
    • Added an Asynchronous mode to /modalities/../move.
    • 'RequestedTags' option can now include DICOM sequences.
    • New function in the SDK: 'OrthancPluginGetDatabaseServerIdentifier'
    • DicomMap::ParseMainDicomTags has been deprecated -> retrieve 'full' tags and use DicomMap::FromDicomAsJson instead
  • version 1.11.0

  • new API version 1.7

  • new configuration parameter
  • for detailed changelog see NEWS

  • version 1.10.1

  • for detailed changelog see NEWS

  • Version 1.9.7

  • New configuration option 'DicomAlwaysAllowMove' to disable verification of the remote modality in C-MOVE SCP

  • API version upgraded to 15
  • Added 'Level' option to POST /tools/bulk-modify
  • Added missing OpenAPI documentation of 'KeepSource' in '.../modify' and '.../anonymize'
  • Added file CITATION.cff
  • Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of plugins
  • Fix upload of ZIP archives containing a DICOMDIR file
  • Fix computation of the estimated time of arrival in jobs
  • Support detection of windowing and rescale in Philips multiframe images

Changes in orthanc-webviewer:

  • version 2.8
    • Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group)
    • framework190.diff removed (covered in actual version)
References

Affected packages

SUSE:Package Hub 15 SP3 / gdcm

Package

Name
gdcm
Purl
pkg:rpm/suse/gdcm&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.19-bp153.2.8.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

SUSE:Package Hub 15 SP3 / orthanc

Package

Name
orthanc
Purl
pkg:rpm/suse/orthanc&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11.2-bp153.2.13.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

SUSE:Package Hub 15 SP3 / orthanc-gdcm

Package

Name
orthanc-gdcm
Purl
pkg:rpm/suse/orthanc-gdcm&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

SUSE:Package Hub 15 SP3 / orthanc-webviewer

Package

Name
orthanc-webviewer
Purl
pkg:rpm/suse/orthanc-webviewer&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.8-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

openSUSE:Leap 15.3 / gdcm

Package

Name
gdcm
Purl
pkg:rpm/opensuse/gdcm&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.0.19-bp153.2.8.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

openSUSE:Leap 15.3 / orthanc

Package

Name
orthanc
Purl
pkg:rpm/opensuse/orthanc&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11.2-bp153.2.13.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

openSUSE:Leap 15.3 / orthanc-gdcm

Package

Name
orthanc-gdcm
Purl
pkg:rpm/opensuse/orthanc-gdcm&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5-bp153.2.6.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}

openSUSE:Leap 15.3 / orthanc-webviewer

Package

Name
orthanc-webviewer
Purl
pkg:rpm/opensuse/orthanc-webviewer&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.8-bp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "gdcm-devel": "3.0.19-bp153.2.8.1",
            "orthanc-source": "1.11.2-bp153.2.13.1",
            "libsocketxx1_2": "3.0.19-bp153.2.8.1",
            "orthanc": "1.11.2-bp153.2.13.1",
            "gdcm-applications": "3.0.19-bp153.2.8.1",
            "orthanc-gdcm": "1.5-bp153.2.6.1",
            "orthanc-webviewer": "2.8-bp153.2.3.1",
            "orthanc-doc": "1.11.2-bp153.2.13.1",
            "gdcm": "3.0.19-bp153.2.8.1",
            "orthanc-devel": "1.11.2-bp153.2.13.1",
            "gdcm-examples": "3.0.19-bp153.2.8.1",
            "libgdcm3_0": "3.0.19-bp153.2.8.1",
            "python3-gdcm": "3.0.19-bp153.2.8.1"
        }
    ]
}