Debian alert DLA-4494-1 (orthanc)
From: Paride Legovini <paride@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4494-1] orthanc security update
Date: Sat, 28 Feb 2026 17:27:20 +0100
Message-ID: <a09eec121c70e6bd0278c0edf91c197e@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4494-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Paride Legovini
February 28, 2026                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : orthanc
Version        : 1.9.2+really1.9.1+dfsg-1+deb11u2
CVE ID         : CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic
flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escalation, potentially
allowing full administrative access.

For Debian 11 bullseye, this problem has been fixed in version
1.9.2+really1.9.1+dfsg-1+deb11u2.

We recommend that you upgrade your orthanc packages.

For the detailed security status of orthanc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/orthanc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
