An update that fixes two vulnerabilities is now available.
Description:
This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:
Changes in gdcm:
– rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Br??ns)
– version 3.0.18
no changelog
– version 3.0.12
* support for poppler 22.03 added
Changes in orthanc-gdcm:
– changed dependency gdcm-libgdcm3_0 -> libgdcm3_0
Changes in orthanc:
– version 1.11.2
* Added support for RGBA64 images in tools/create-dicom and /preview
* New configuration “MaximumStorageMode” to choose between recyling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
* New sample plugin: “DelayedDeletion” that will delete files from disk
asynchronously to speed up deletion of large studies.
* Lua: new “SetHttpTimeout” function
* Lua: new “OnHeartBeat” callback called at regular interval provided
that you have configured “LuaHeartBeatPeriod” > 0.
* “ExtraMainDicomTags” configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
“MainDicomSequences”. This should improve DicomWeb QIDO-RS and avoid
warnings like “Accessing Dicom tags from storage when accessing series
: 0040,0275″. Main dicom sequences can now be returned in
“MainDicomTags” and in “RequestedTags”.
* Fix the “Never” option of the “StorageAccessOnFind” that was sill
accessing files (bug introduced in 1.11.0).
* Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
* Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin “/rendered” route performance issues.
* DelayedDeletion plugin: Fix leaking of symbols
* SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
* Fix static compilation of boost 1.69 on Ubuntu 22.04
* Upgraded dependencies for static builds:
– boost 1.80.0
– dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
– openssl 3.0.5
* Housekeeper plugin: Fix resume of previous processing
* Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
* Improved HttpClient error logging (add method + url)
* API version upgraded to 18
* /system is now reporting “DatabaseServerIdentifier”
* Added an Asynchronous mode to /modalities/../move.
* “RequestedTags” option can now include DICOM sequences.
* New function in the SDK: “OrthancPluginGetDatabaseServerIdentifier”
* DicomMap::ParseMainDicomTags has been deprecated -> retrieve “full”
tags and use DicomMap::FromDicomAsJson instead
Changes in orthanc-webviewer:
– version 2.8
* Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
* framework190.diff removed (covered in actual version)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Backports SLE-15-SP4:
zypper in -t patch openSUSE-2022-10145=1Read More
References
Back to Main