Mageia alert MGASA-2023-0083 (dcmtk)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2023-0083: Updated dcmtk packages fix security vulnerability | |
| Date: | Sat, 11 Mar 2023 20:01:39 +0100 | |
| Message-ID: | <20230311190139.8C525A0E6A@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2023-0083 - Updated dcmtk packages fix security vulnerability Publication date: 11 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0083.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690, CVE-2022-2119, CVE-2022-2120, CVE-2022-2121, CVE-2022-43272 Description: Gjoko Krstic discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2015-8979) Omar Ganiev discovered that DCMTK incorrectly handled buffers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2019-1010228) Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, and CVE-2021-41690) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2022-2119 and CVE-2022-2120) Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-2121) It was discovered that DCMTK incorrectly handled certain inputs. If a user or an automated system were tricked into opening a certain specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. (CVE-2022-43272) References: - https://bugs.mageia.org/show_bug.cgi?id=30790 - https://dicom.offis.de/download/dcmtk/dcmtk367/ANNOUNCE - https://lists.fedoraproject.org/archives/list/package-ann... - https://lists.fedoraproject.org/archives/list/package-ann... - https://ubuntu.com/security/notices/USN-5882-1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2119 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2120 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2121 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4... SRPMS: - 8/core/dcmtk-3.6.5-3.1.mga8