Fedora Linux 8779 Published by

A new GDCM security update has been released for Fedora Linux 38:

Fedora 38 Update: gdcm-3.0.21-4.fc38




Fedora 38 Update: gdcm-3.0.21-4.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7a57842ec3
2024-05-05 01:39:03.580095
--------------------------------------------------------------------------------

Name : gdcm
Product : Fedora 38
Version : 3.0.21
Release : 4.fc38
URL : http://gdcm.sourceforge.net/wiki/index.php/Main_Page
Summary : Grassroots DiCoM is a C++ library to parse DICOM medical files
Description :
Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files.
It supports ACR-NEMA version 1 and 2 (huffman compression is not supported),
RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax.
It comes with a super fast scanner implementation to quickly scan hundreds of
DICOM files. It supports SCU network operations (C-ECHO, C-FIND, C-STORE,
C-MOVE). PS 3.3 & 3.6 are distributed as XML files.
It also provides PS 3.15 certificates and password based mechanism to
anonymize and de-identify DICOM datasets.

--------------------------------------------------------------------------------
Update Information:

Security fixes
TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read
Bug fixes
Replace deprecated PyEval_CallObject for compatibility with Python 3.13
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 26 2024 Sandro [devel@penguinpee.nl] - 3.0.21-3
- Apply security patches
- Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288)
- Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292)
- Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296)
* Fri Apr 26 2024 Sandro [devel@penguinpee.nl] - 3.0.21-2
- Replace deprecated PyEval_CallObject() (RHBZ#2245816)
* Fri Apr 26 2024 Sandro [devel@penguinpee.nl] - 3.0.21-1
- Revert "Update to 3.0.22"
* Fri Apr 26 2024 Sandro [devel@penguinpee.nl] - 3.0.22-1
- Revert "Update to 3.0.23"
* Wed Mar 6 2024 Sandro [devel@penguinpee.nl] - 3.0.23-2
- Migrate to SPDX license
* Wed Mar 6 2024 Sandro [devel@penguinpee.nl] - 3.0.23-1
- Update to 3.0.23 (RHBZ#2257639)
- Drop `157.patch` (merged upstream)
- Bump soname
* Wed Mar 6 2024 Orion Poplawski [orion@nwra.com] - 3.0.22-1
- Update to 3.0.22
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2277284 - CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due to heap overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2277284
[ 2 ] Bug #2277289 - CVE-2024-22373 gdcm: out-of-bounds write vulnerability lead to a heap buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=2277289
[ 3 ] Bug #2277293 - CVE-2024-25569 gdcm: out-of-bounds read vulnerability in the RAWCodec::DecodeBytes
https://bugzilla.redhat.com/show_bug.cgi?id=2277293
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7a57842ec3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--