Debian LTS Advisory DLA-4494-1

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access. For Debian 11 bullseye, this problem has been fixed in version.
openSUSE security update: security update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc

-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20193-1
Rating: important
Cross-References:
  * CVE-2024-22373
  * CVE-2024-22391
  * CVE-2024-25569
CVSS scores:
  * CVE-2024-22373 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-22391 (SUSE): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
  * CVE-2024-25569 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected Products:
  * openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves 3 vulnerabilities can now be installed.

Description:

This update for orthanc, gdcm, orthanc-authorization, orthanc-dicomweb, orthanc-gdcm, orthanc-indexer, orthanc-mysql, orthanc-neuro, orthanc-postgresql, orthanc-python, orthanc-stl, orthanc-tcia, orthanc-wsi, python-pyorthanc fixes the following issues:

Changes in orthanc:
- dcmtk 370 breaks TW build
- switch to lua 5.4
- patch out boost component system from framework
- version 1.12.10
  * long changelog - see NEWS for details
- apply boost patch to source tree
- Stop trying to pull libboost_system-devel in all orthanc packages.
- remove libboost_system-devel for TW (removed in boost 1.89)
- version 1.12.9
  * long changelog - see NEWS for details

Changes in gdcm:
- apply fix for poppler 25.10 build error

Changes in orthanc-authorization:
- version 0.10.3
  * New default permissions for worklists
  * New default permissions for tools/metrics-prometheus
  * New default permissions for tools/generate-uid
- version 0.10.2
  * New default permissions to add/delete modalities through the Rest API
    https://discourse.orthanc-server.org/t/managing-modalities-using-the-rest-api-and-keycloak/6137
  * New standard configuration "stl"
- remove libboost_system-devel for TW (removed in boost 1.89)
- version 0.10.1
  * Fix audit-logs export in CSV format.
  * New configuration "ExtraPermissions" to ADD new permissions to the default "Permissions" entries.
  * Improved handling of "Anonymous" user profiles (when no auth-tokens are provided): The plugin will now request the auth-service to get an anonymous user profile even if there are no auth-tokens in the HTTP request.
  * The User profile can now contain a "groups" field if the auth-service provides it.
  * The User profile can now contain an "id" field if the auth-service provides it.
  * New experimental feature: audit-logs
    - Enabled by the "EnableAuditLogs" configuration.
    - Audit-logs are currently handled by the PostgreSQL plugin and can be browsed through the route /auth/audit-logs.
    - New default permission "audit-logs" to grant access to the "/auth/audit-logs" route.
  * Fix: The "server-id" field is now included in all requests sent to the auth-service.

Changes in orthanc-dicomweb:
- version 1.22
  * framework2.diff added for compatibility with Orthanc framework 1 when the HTTP client disconnects while downloading the response.
  * Fixed "Success: Success" errors when trying to send resources synchronously to a remote DICOMweb server while the Orthanc job engine was busy with other tasks.
- remove libboost_system-devel for TW (removed in boost 1.89)
- version 1.21
  * New configuration "WadoRsLoaderThreadsCount" to configure how many threads are loading files from the storage when answering to a WADO-RS query. A value > 1 is meaningful only if the storage is a distributed network storage (e.g. object storage plugin). A value of 0 means reading and writing are performed in sequence (default behaviour).
  * New configuration "EnablePerformanceLogs" to display performance logs. Currently only showing the time required to execute a WADO-RS query. For example: WADO-RS: elapsed: 26106623 us, rate: 14.86 instances/s, 155.23Mbps
  * Fix false error logs generated e.g. when OHIF requests the /dicom-web/studies/../metadata route: "dicom-web:/Configuration.cpp:643] Unsupported return MIME type: application/dicom+json, multipart/related; type=application/octet-stream; transfer-syntax=*, will return DICOM+JSON"

Changes in orthanc-gdcm:
- version 1.8
  * Prevent transcoding of DICOM images with empty SharedFunctionalGroupsSequence (5200,9229), as this might crash GDCM.
  * The built-in Orthanc transcoder being usually more stable, the default value of the "RestrictTransferSyntaxes" configuration has been updated to configure the GDCM plugin for J2K transfer syntaxes only, since these transfer syntaxes are currently not supported by the built-in Orthanc transcoder.
    - If "RestrictTransferSyntaxes" is not specified in your configuration, it is now equivalent to
      "RestrictTransferSyntaxes" : [
        "1.2.840.10008.1.2.4.90",  // JPEG 2000 Image Compression (Lossless Only)
        "1.2.840.10008.1.2.4.91",  // JPEG 2000 Image Compression
        "1.2.840.10008.1.2.4.92",  // JPEG 2000 Part 2 Multicomponent Image Compression (Lossless Only)
        "1.2.840.10008.1.2.4.93"   // JPEG 2000 Part 2 Multicomponent Image Compression
      ]
      which was the recommended configuration.
    - If "RestrictTransferSyntaxes" is defined but empty, the GDCM plugin will now be used to transcode ALL transfer syntaxes (this was the default behaviour up to version 1.7)
- remove libboost_system-devel for TW (removed in boost 1.89)
- version 1.7
  * Upgrade to GDCM 3.0.24 for static builds. Fixes:
    - CVE-2024-22373: https://nvd.nist.gov/vuln/detail/CVE-2024-22373
    - CVE-2024-22391: https://nvd.nist.gov/vuln/detail/CVE-2024-22391
    - CVE-2024-25569: https://nvd.nist.gov/vuln/detail/CVE-2024-25569

Changes in orthanc-indexer:
- remove libboost_system-devel for TW (removed in boost 1.89)

Changes in orthanc-mysql:
- remove libboost_system-devel for TW (removed in boost 1.89)

Changes in orthanc-neuro:
- remove libboost_system-devel for TW (removed in boost 1.89)

Changes in orthanc-postgresql:
- version 10.0
  * update mainly providing new Reserve and Acknowledge primitives for Queues in plugins
- remove libboost_system-devel for TW (removed in boost 1.89)
- version 9.0
  * DB-scheme rev. 6 - check Orthanc book
- version 8.0
  * no changelog provided
  * New DB scheme

Changes in orthanc-python:
- version 7.0
  * The "orthanc.pyi" stub is now excluded from the "install" step during the build
  * Wrapped new SCP callbacks:
    - RegisterFindCallback2()
    - RegisterMoveCallback3()
    - RegisterWorklistCallback2()
    - RegisterStorageCommitmentScpCallback2()
  * Wrapped new Queues methods:
    - ReserveQueueValue()
    - AcknowledgeQueueValue()
- remove libboost_system-devel for TW (removed in boost 1.89)
- remove /usr/orthanc.pyi - unneeded
- version 6.0
  * The auto-generation of the Python wrapper is now part of the build, to exploit the ORTHANC_PLUGIN_SINCE_SDK macro. This provides backward compatibility with the SDK that is actually installed on the system
  * Added Windows builder for Python 3.13
  * Added Docker-based builder scripts for Debian 13 (trixie)

Changes in orthanc-stl:
- patch out libboost-system to fix build error
- remove libboost_system-devel for TW (removed in boost 1.89)

Changes in orthanc-tcia:
- version 1.3
  * Replaced default base URL of TCIA REST API from "https://services.cancerimagingarchive.net/services/v4/TCIA/query" to "https://nbia.cancerimagingarchive.net/nbia-api/services/v4"
  * Added configuration option "BaseUrl" to manually configure the base URL
  * Fix for newer versions of the NBIA cart file format
  * Upgrade to Orthanc framework 1.12.3
- remove libboost_system-devel for TW (removed in boost 1.89)

Changes in orthanc-wsi:
- fix build error with framework 1.12.10
- version 3.3
  * OrthancWSIDicomizer:
    - New option "--encoding" to specify the specific character set of DICOM instances
    - Placeholder tags are now automatically inserted when the "--dataset" option provides incomplete data, ensuring the generated DICOM instances remain valid
    - The version of the DICOM-izer is available in DICOM tag "SoftwareVersions"
    - ImagedVolumeWidth and ImagedVolumeHeight are swapped with respect to releases
Debian LTS Advisory DLA-4038-2

In DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images, a regression in DLA-4038-1 has been fixed that caused crashes in Orthanc.
Debian Security Advisory DSA-5473-1

It was discovered that authenticated API users of Orthanc, a DICOM server for medical imaging, could overwrite arbitrary files and in some setups execute arbitrary code.
openSUSE Security Update: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer

______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10144-1
Rating: important
References: #1181400
Cross-References:
  CVE-2022-2119
  CVE-2022-2120
CVSS scores:
  CVE-2022-2119 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2120 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues:

Changes in gdcm:
- Provides/obsoletes moved to lbgdcm-package (Thx DimStar)
- rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Brüns)
- version 3.0.18
  * no changelog
- version 3.0.12
  * support for poppler 22.03 added
- version 3.0.11
  * Fix for a significant issue with JPEG-LS and RGB color space
  * tons of small bug fixes
- version 3.0.10 (no changelog)

Changes in orthanc-gdcm:
- changed dependency gdcm-libgdcm3_0 -> libgdcm3_0
- Version 1.5
  * Take the configuration option "RestrictTransferSyntaxes" into account not only for decoding, but also for transcoding
  * Upgrade to GDCM 3.0.10 for static builds

Changes in orthanc:
- version 1.11.2
  * Added support for RGBA64 images in tools/create-dicom and /preview
  * New configuration "MaximumStorageMode" to choose between recycling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached.
  * New sample plugin: "DelayedDeletion" that will delete files from disk asynchronously to speed up deletion of large studies.
  * Lua: new "SetHttpTimeout" function
  * Lua: new "OnHeartBeat" callback called at regular interval provided that you have configured "LuaHeartBeatPeriod" > 0.
  * "ExtraMainDicomTags" configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata "MainDicomSequences". This should improve DicomWeb QIDO-RS and avoid warnings like "Accessing Dicom tags from storage when accessing series : 0040,0275". Main dicom sequences can now be returned in "MainDicomTags" and in "RequestedTags".
  * Fix the "Never" option of the "StorageAccessOnFind" that was still accessing files (bug introduced in 1.11.0).
  * Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
  * Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin "/rendered" route performance issues.
  * DelayedDeletion plugin: Fix leaking of symbols
  * SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives.
  * Fix static compilation of boost 1.69 on Ubuntu 22.04
  * Upgraded dependencies for static builds:
    - boost 1.80.0
    - dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
    - openssl 3.0.5
  * Housekeeper plugin: Fix resume of previous processing
  * Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts()
  * Improved HttpClient error logging (add method + url)
  * API version upgraded to 18
  * /system is now reporting "DatabaseServerIdentifier"
  * Added an Asynchronous mode to /modalities/../move.
  * "RequestedTags" option can now include DICOM sequences.
  * New function in the SDK: "OrthancPluginGetDatabaseServerIdentifier"
  * DicomMap::ParseMainDicomTags has been deprecated -> retrieve "full" tags and use DicomMap::FromDicomAsJson instead
- version 1.11.0
  * new API version 1.7
  * new configuration parameter
  * for detailed changelog see NEWS
- version 1.10.1
  * for detailed changelog see NEWS
- Version 1.9.7
  * New configuration option "DicomAlwaysAllowMove" to disable verification of the remote modality in C-MOVE SCP
  * API version upgraded to 15
  * Added "Level" option to POST /tools/bulk-modify
  * Added missing OpenAPI documentation of "KeepSource" in ".../modify" and ".../anonymize"
  * Added file CITATION.cff
  * Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of plugins
  * Fix upload of ZIP archives containing a DICOMDIR file
  * Fix computation of the estimated time of arrival in jobs
  * Support detection of windowing and rescale in Philips multiframe images

Changes in orthanc-webviewer:
- version 2.8
  * Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group)
  * framework190.diff removed (covered in actual version)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:
  zypper in -t patch openSUSE-2022-10144=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):
  gdcm-3.0.19-bp153.2.8.1
  gdcm-applications-3.0.19-bp153.2.8.1
  gdcm-applications-debuginfo-3.0.19-bp153.2.8.1
  gdcm-debuginfo-3.0.19-bp153.2.8.1
  gdcm-debugsource-3.0.19-bp153.2.8.1
  gdcm-devel-3.0.19-bp153.2.8.1
  gdcm-examples-3.0.19-bp153.2.8.1
  libgdcm3_0-3.0.19-bp153.2.8.1
  libgdcm3_0-debuginfo-3.0.19-bp153.2.8.1
  libsocketxx1_2-3.0.19-bp153.2.8.1
  libsocketxx1_2-debuginfo-3.0.19-bp153.2.8.1
  orthanc-gdcm-1.5-bp153.2.6.1
  orthanc-gdcm-debuginfo-1.5-bp153.2.6.1
  orthanc-gdcm-debugsource-1.5-bp153.2.6.1
  orthanc-webviewer-2.8-bp153.2.3.1
  orthanc-webviewer-debuginfo-2.8-bp153.2.3.1
  orthanc-webviewer-debugsource-2.8-bp153.2.3.1
  python3-gdcm-3.0.19-bp153.2.8.1
  python3-gdcm-debuginfo-3.0.19-bp153.2.8.1

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le x86_64):
  orthanc-1.11.2-bp153.2.13.1
  orthanc-debuginfo-1.11.2-bp153.2.13.1
  orthanc-debugsource-1.11.2-bp153.2.13.1
  orthanc-devel-1.11.2-bp153.2.13.1
  orthanc-source-1.11.2-bp153.2.13.1

- openSUSE Backports SLE-15-SP3 (noarch):
  orthanc-doc-1.11.2-bp153.2.13.1

References:
https://www.suse.com/security/cve/CVE-2022-2119.html
https://www.suse.com/security/cve/CVE-2022-2120.html
https://bugzilla.suse.com/1181400

Severity: Important. LinuxSecurity.com Team
openSUSE Security Update: Security update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer

______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:10145-1
Rating: important
References:
Cross-References:
  CVE-2022-2119
  CVE-2022-2120
CVSS scores:
  CVE-2022-2119 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2120 (NVD): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Backports SLE-15-SP4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the following issues:

Changes in gdcm:
- rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Brüns)
- version 3.0.18
  * no changelog
- version 3.0.12
  * support for poppler 22.03 added

Changes in orthanc-gdcm:
- changed dependency gdcm-libgdcm3_0 -> libgdcm3_0

Changes in orthanc:
- version 1.11.2
  * Added support for RGBA64 images in tools/create-dicom and /preview
  * New configuration "MaximumStorageMode" to choose between recycling of old patients (default behavior) and rejection of new incoming data when the MaximumStorageSize has been reached.
  * New sample plugin: "DelayedDeletion" that will delete files from disk asynchronously to speed up deletion of large studies.
  * Lua: new "SetHttpTimeout" function
  * Lua: new "OnHeartBeat" callback called at regular interval provided that you have configured "LuaHeartBeatPeriod" > 0.
  * "ExtraMainDicomTags" configuration now accepts Dicom Sequences. Sequences are stored in a dedicated new metadata "MainDicomSequences". This should improve DicomWeb QIDO-RS and avoid warnings like "Accessing Dicom tags from storage when accessing series : 0040,0275". Main dicom sequences can now be returned in "MainDicomTags" and in "RequestedTags".
  * Fix the "Never" option of the "StorageAccessOnFind" that was still accessing files (bug introduced in 1.11.0).
  * Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
  * Fix the storage cache that was not used by the Plugin SDK. This fixes the DicomWeb plugin "/rendered" route performance issues.
  * DelayedDeletion plugin: Fix leaking of symbols
  * SQLite now closes and deletes WAL and SHM files on exit. This should improve handling of SQLite DB over network drives.
  * Fix static compilation of boost 1.69 on Ubuntu 22.04
  * Upgraded dependencies for static builds:
    - boost 1.80.0
    - dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
    - openssl 3.0.5
  * Housekeeper plugin: Fix resume of previous processing
  * Added missing MOVEPatientRootQueryRetrieveInformationModel in DicomControlUserConnection::SetupPresentationContexts()
  * Improved HttpClient error logging (add method + url)
  * API version upgraded to 18
  * /system is now reporting "DatabaseServerIdentifier"
  * Added an Asynchronous mode to /modalities/../move.
  * "RequestedTags" option can now include DICOM sequences.
  * New function in the SDK: "OrthancPluginGetDatabaseServerIdentifier"
  * DicomMap::ParseMainDicomTags has been deprecated -> retrieve "full" tags and use DicomMap::FromDicomAsJson instead

Changes in orthanc-webviewer:
- version 2.8
  * Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart Kurutac, NCC Group)
  * framework190.diff removed (covered in actual version)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:
  zypper in -t patch openSUSE-2022-10145=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le s390x x86_64):
  gdcm-3.0.19-bp154.2.5.1
  gdcm-applications-3.0.19-bp154.2.5.1
  gdcm-applications-debuginfo-3.0.19-bp154.2.5.1
  gdcm-debuginfo-3.0.19-bp154.2.5.1
  gdcm-debugsource-3.0.19-bp154.2.5.1
  gdcm-devel-3.0.19-bp154.2.5.1
  gdcm-examples-3.0.19-bp154.2.5.1
  libgdcm3_0-3.0.19-bp154.2.5.1
  libgdcm3_0-debuginfo-3.0.19-bp154.2.5.1
  libsocketxx1_2-3.0.19-bp154.2.5.1
  libsocketxx1_2-debuginfo-3.0.19-bp154.2.5.1
  orthanc-gdcm-1.5-bp154.2.3.1
  orthanc-gdcm-debuginfo-1.5-bp154.2.3.1
  orthanc-gdcm-debugsource-1.5-bp154.2.3.1
  orthanc-webviewer-2.8-bp154.2.3.1
  orthanc-webviewer-debuginfo-2.8-bp154.2.3.1
  orthanc-webviewer-debugsource-2.8-bp154.2.3.1
  python3-gdcm-3.0.19-bp154.2.5.1
  python3-gdcm-debuginfo-3.0.19-bp154.2.5.1

- openSUSE Backports SLE-15-SP4 (aarch64 ppc64le x86_64):
  orthanc-1.11.2-bp154.2.3.1
  orthanc-debuginfo-1.11.2-bp154.2.3.1
  orthanc-debugsource-1.11.2-bp154.2.3.1
  orthanc-devel-1.11.2-bp154.2.3.1
  orthanc-source-1.11.2-bp154.2.3.1

- openSUSE Backports SLE-15-SP4 (noarch):
  orthanc-doc-1.11.2-bp154.2.3.1

References:
https://www.suse.com/security/cve/CVE-2022-2119.html
https://www.suse.com/security/cve/CVE-2022-2120.html

Severity: Important. LinuxSecurity.com Team