Mageia alert MGASA-2024-0251 (dcmtk)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2024-0251: Updated dcmtk packages fix security vulnerabilities | |
| Date: | Wed, 03 Jul 2024 18:37:04 +0200 | |
| Message-ID: | <20240703163704.798D6A0D3F@duvel.mageia.org> | |
| Archive-link: | Article |
MGASA-2024-0251 - Updated dcmtk packages fix security vulnerabilities Publication date: 03 Jul 2024 URL: https://advisories.mageia.org/MGASA-2024-0251.html Type: security Affected Mageia releases: 9 CVE: CVE-2024-28130, CVE-2024-34508, CVE-2024-34509 Description: Multiple vulnerabilities have benn fixed in DCMTK, a collection of libraries and applications implementing large parts the DICOM standard for medical images. CVE-2021-41687 Incorrect freeing of memory CVE-2021-41688 Incorrect freeing of memory CVE-2021-41689 NULL pointer dereference CVE-2021-41690 Incorrect freeing of memory CVE-2022-2121 NULL pointer dereference CVE-2022-43272 Memory leak in single process mode CVE-2024-28130 Segmentation faults due to incorrect typecast CVE-2024-34508 Segmentation fault via invalid DIMSE message CVE-2024-34509 Segmentation fault via invalid DIMSE message References: - https://bugs.mageia.org/show_bug.cgi?id=33350 - https://lists.debian.org/debian-lts-announce/2024/06/msg0... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3... - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3... SRPMS: - 9/core/dcmtk-3.6.7-4.1.mga9