An update that fixes two vulnerabilities is now available.

Description:

This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:

Changes in gdcm:

– Provides/obsoletes moved to lbgdcm-package (Thx DimStar)
– rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Br??ns)

– version 3.0.18

no changelog

– version 3.0.12

* support for poppler 22.03 added

– version 3.0.11

* Fix for a significant issue with JPEG-LS and RGB color space
* tons of small bug fixes

– version 3.0.10 (no changelog)

Changes in orthanc-gdcm:

– changed dependency gdcm-libgdcm3_0 -> libgdcm3_0

– Version 1.5

* Take the configuration option “RestrictTransferSyntaxes” into account
not only for decoding, but also for transcoding
* Upgrade to GDCM 3.0.10 for static builds-

Changes in orthanc:

– version 1.11.2
* Added support for RGBA64 images in tools/create-dicom and /preview
* New configuration “MaximumStorageMode” to choose between recyling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
* New sample plugin: “DelayedDeletion” that will delete files from disk
asynchronously to speed up deletion of large studies.
* Lua: new “SetHttpTimeout” function
* Lua: new “OnHeartBeat” callback called at regular interval provided
that you have configured “LuaHeartBeatPeriod” > 0.
* “ExtraMainDicomTags” configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
“MainDicomSequences”. This should improve DicomWeb QIDO-RS and avoid
warnings like “Accessing Dicom tags from storage when accessing series
: 0040,0275″. Main dicom sequences can now be returned in
“MainDicomTags” and in “RequestedTags”.
* Fix the “Never” option of the “StorageAccessOnFind” that was sill
accessing files (bug introduced in 1.11.0).
* Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
* Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin “/rendered” route performance issues.
* DelayedDeletion plugin: Fix leaking of symbols
* SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
* Fix static compilation of boost 1.69 on Ubuntu 22.04
* Upgraded dependencies for static builds:
– boost 1.80.0
– dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
– openssl 3.0.5
* Housekeeper plugin: Fix resume of previous processing
* Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
* Improved HttpClient error logging (add method + url)
* API version upgraded to 18
* /system is now reporting “DatabaseServerIdentifier”
* Added an Asynchronous mode to /modalities/../move.
* “RequestedTags” option can now include DICOM sequences.
* New function in the SDK: “OrthancPluginGetDatabaseServerIdentifier”
* DicomMap::ParseMainDicomTags has been deprecated -> retrieve “full”
tags and use DicomMap::FromDicomAsJson instead

– version 1.11.0

* new API version 1.7
* new configuration parameter
* for detailed changelog see NEWS

– version 1.10.1

* for detailed changelog see NEWS

– Version 1.9.7

* New configuration option “DicomAlwaysAllowMove” to disable verification
of the remote modality in C-MOVE SCP
* API version upgraded to 15
* Added “Level” option to POST /tools/bulk-modify
* Added missing OpenAPI documentation of “KeepSource” in “…/modify” and
“…/anonymize”
* Added file CITATION.cff
* Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of
plugins
* Fix upload of ZIP archives containing a DICOMDIR file
* Fix computation of the estimated time of arrival in jobs
* Support detection of windowing and rescale in Philips multiframe images

Changes in orthanc-webviewer:

– version 2.8
* Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
* framework190.diff removed (covered in actual version)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10144=1Read More