<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="gs" style="margin: 0px; padding: 0px 0px 20px; width:
1362px; color: rgb(34, 34, 34); font-family: "Google
Sans", Roboto, RobotoDraft, Helvetica, Arial, sans-serif;
font-size: medium; font-style: normal; font-variant-ligatures:
normal; font-variant-caps: normal; font-weight: 400;
letter-spacing: normal; orphans: 2; text-align: start;
text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255); text-decoration-thickness:
initial; text-decoration-style: initial; text-decoration-color:
initial;">
<div class="">
<div id=":jv" class="ii gt" style="direction: ltr; margin: 8px
0px 0px; padding: 0px; position: relative; font-size:
0.875rem;">
<div id=":fq" class="a3s aiL " style="font: small / 1.5 Arial,
Helvetica, sans-serif; overflow: hidden;">==============================<wbr>==============================<wbr>==============<br>
Ubuntu Security Notice USN-5882-1<br>
February 22, 2023<br>
<br>
dcmtk vulnerabilities<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 22.10<br>
- Ubuntu 22.04 LTS<br>
- Ubuntu 20.04 LTS<br>
- Ubuntu 18.04 LTS<br>
- Ubuntu 16.04 ESM<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in DCMTK.<br>
<br>
Software Description:<br>
- dcmtk: OFFIS DICOM toolkit command line utilities<br>
<br>
Details:<br>
<br>
Gjoko Krstic discovered that DCMTK incorrectly handled
buffers. If a user or<br>
an automated system were tricked into opening a certain
specially crafted<br>
input file, a remote attacker could possibly use this issue
to cause a<br>
denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2015-8979)<br>
<br>
Omar Ganiev discovered that DCMTK incorrectly handled
buffers. If a user or<br>
an automated system were tricked into opening a certain
specially crafted<br>
input file, a remote attacker could possibly use this issue
to cause a<br>
denial of service. This issue only affected Ubuntu 16.04 LTS
and<br>
Ubuntu 18.04 LTS. (CVE-2019-1010228)<br>
<br>
Jinsheng Ba discovered that DCMTK incorrectly handled
certain requests. If a<br>
user or an automated system were tricked into opening a
certain specially<br>
crafted input file, a remote attacker could possibly use
this issue to<br>
cause a denial of service. This issue only affected Ubuntu
16.04 LTS,<br>
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2021-41687,<br>
CVE-2021-41688, CVE-2021-41689, and CVE-2021-41690)<br>
<br>
Sharon Brizinov and Noam Moshe discovered that DCMTK
incorrectly handled<br>
certain inputs. If a user or an automated system were
tricked into opening<br>
a certain specially crafted input file, a remote attacker
could possibly use<br>
this issue to execute arbitrary code. This issue only
affected<br>
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS.<br>
(CVE-2022-2119 and CVE-2022-2120)<br>
<br>
Sharon Brizinov and Noam Moshe discovered that DCMTK
incorrectly handled<br>
pointers. If a user or an automated system were tricked into
opening a<br>
certain specially crafted input file, a remote attacker
could possibly use<br>
this issue to cause a denial of service. This issue only
affected<br>
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and
Ubuntu 22.04 LTS.<br>
(CVE-2022-2121)<br>
<br>
It was discovered that DCMTK incorrectly handled certain
inputs. If a<br>
user or an automated system were tricked into opening a
certain specially<br>
crafted input file, a remote attacker could possibly use
this issue to<br>
cause a denial of service. This issue affected Ubuntu 16.04
LTS,<br>
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 22.10.<br>
(CVE-2022-43272)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 22.10:<br>
dcmtk 3.6.7-6ubuntu0.1<br>
libdcmtk17 3.6.7-6ubuntu0.1<br>
<br>
Ubuntu 22.04 LTS:<br>
dcmtk 3.6.6-5ubuntu0.1~esm1<br>
libdcmtk16 3.6.6-5ubuntu0.1~esm1<br>
<br>
Ubuntu 20.04 LTS:<br>
dcmtk 3.6.4-2.1ubuntu0.1~esm1<br>
libdcmtk14 3.6.4-2.1ubuntu0.1~esm1<br>
<br>
Ubuntu 18.04 LTS:<br>
dcmtk 3.6.2-3ubuntu0.1~esm1<br>
libdcmtk12 3.6.2-3ubuntu0.1~esm1<br>
<br>
Ubuntu 16.04 ESM:<br>
dcmtk 3.6.1~20150924-5ubuntu0.1~<wbr>esm1<br>
libdcmtk5 3.6.1~20150924-5ubuntu0.1~<wbr>esm1<br>
<br>
In general, a standard system update will make all the
necessary changes.<br>
<br>
References:<br>
<span> </span><a
href="https://ubuntu.com/security/notices/USN-5882-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-5882-1&source=gmail&ust=1677228973880000&usg=AOvVaw2jeos75f8eKxR9Gdn-n7Yc"
style="color: rgb(17, 85, 204);">https://ubuntu.com/security/no<wbr>tices/USN-5882-1</a><br>
CVE-2015-8979, CVE-2019-1010228, CVE-2021-41687,
CVE-2021-41688,<br>
CVE-2021-41689, CVE-2021-41690, CVE-2022-2119,
CVE-2022-2120,<br>
CVE-2022-2121, CVE-2022-43272<br>
<br>
Package Information:<br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/dcmtk/3.6.7-6ubuntu0.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dcmtk/3.6.7-6ubuntu0.1&source=gmail&ust=1677228973880000&usg=AOvVaw0gnZXbP2dRCgw5IeMU5MQK"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/dcmtk/3.6.7-6ubuntu0.1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/dcmtk/3.6.6-5ubuntu0.1~esm1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dcmtk/3.6.6-5ubuntu0.1~esm1&source=gmail&ust=1677228973880000&usg=AOvVaw2udyFAe82fa27czTHwMMGi"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/dcmtk/3.6.6-5ubuntu0.1~<wbr>esm1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/dcmtk/3.6.4-2.1ubuntu0.1~esm1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dcmtk/3.6.4-2.1ubuntu0.1~esm1&source=gmail&ust=1677228973880000&usg=AOvVaw1bhfd-7VolgXTgXU_abf5x"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/dcmtk/3.6.4-2.1ubuntu0.<wbr>1~esm1</a><br>
<span> </span><a
href="https://launchpad.net/ubuntu/+source/dcmtk/3.6.2-3ubuntu0.1~esm1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/dcmtk/3.6.2-3ubuntu0.1~esm1&source=gmail&ust=1677228973880000&usg=AOvVaw1GWQqahXmI24VHeX27fv9k"
style="color: rgb(17, 85, 204);">https://launchpad.net/ubuntu/+<wbr>source/dcmtk/3.6.2-3ubuntu0.1~<wbr>esm1</a>
<div class="yj6qo"></div>
<div class="adL"><br>
</div>
</div>
</div>
<div class="hi" style="border-bottom-left-radius: 1px;
border-bottom-right-radius: 1px; padding: 0px; width: auto;
background: rgb(242, 242, 242); margin: 0px;"></div>
</div>
</div>
<br class="Apple-interchange-newline">
<br>
<p></p>
</body>
</html>