[SECURITY] [DSA 3749-1] dcmtk security update

2016-12-2909:57:29

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Debian Security Advisory DSA-3749-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
December 29, 2016 https://www.debian.org/security/faq

Package : dcmtk
CVE ID : CVE-2015-8979
Debian Bug : 848830

Gjoko Krstic of Zero Science Labs discovered that dcmtk, a collection
of libraries implementing the DICOM standard, did not properly handle
the size of data received the network. This could lead to
denial-of-service (via application crash) or arbitrary code execution.

For the stable distribution (jessie), this problem has been fixed in
version 3.6.0-15+deb8u1.

For the testing (stretch) and unstable (sid) distributions, this
problem has been fixed in version 3.6.1~20160216-2.

We recommend that you upgrade your dcmtk packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8armhfdcmtk< 3.6.0-15+deb8u1dcmtk_3.6.0-15+deb8u1_armhf.deb
Debian8powerpclibdcmtk2-dev< 3.6.0-15+deb8u1libdcmtk2-dev_3.6.0-15+deb8u1_powerpc.deb
Debian8powerpclibdcmtk2-dbg< 3.6.0-15+deb8u1libdcmtk2-dbg_3.6.0-15+deb8u1_powerpc.deb
Debian8s390xlibdcmtk2< 3.6.0-15+deb8u1libdcmtk2_3.6.0-15+deb8u1_s390x.deb
Debian8mipsdcmtk-www< 3.6.0-15+deb8u1dcmtk-www_3.6.0-15+deb8u1_mips.deb
Debian8mipsellibdcmtk2< 3.6.0-15+deb8u1libdcmtk2_3.6.0-15+deb8u1_mipsel.deb
Debian8s390xlibdcmtk2-dev< 3.6.0-15+deb8u1libdcmtk2-dev_3.6.0-15+deb8u1_s390x.deb
Debian8armhflibdcmtk2-dev< 3.6.0-15+deb8u1libdcmtk2-dev_3.6.0-15+deb8u1_armhf.deb
Debian8i386libdcmtk2-dev< 3.6.0-15+deb8u1libdcmtk2-dev_3.6.0-15+deb8u1_i386.deb
Debian7amd64libdcmtk2< 3.6.0-12+deb7u1libdcmtk2_3.6.0-12+deb7u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armhf	dcmtk	< 3.6.0-15+deb8u1	dcmtk_3.6.0-15+deb8u1_armhf.deb
Debian	8	powerpc	libdcmtk2-dev	< 3.6.0-15+deb8u1	libdcmtk2-dev_3.6.0-15+deb8u1_powerpc.deb
Debian	8	powerpc	libdcmtk2-dbg	< 3.6.0-15+deb8u1	libdcmtk2-dbg_3.6.0-15+deb8u1_powerpc.deb
Debian	8	s390x	libdcmtk2	< 3.6.0-15+deb8u1	libdcmtk2_3.6.0-15+deb8u1_s390x.deb
Debian	8	mips	dcmtk-www	< 3.6.0-15+deb8u1	dcmtk-www_3.6.0-15+deb8u1_mips.deb
Debian	8	mipsel	libdcmtk2	< 3.6.0-15+deb8u1	libdcmtk2_3.6.0-15+deb8u1_mipsel.deb
Debian	8	s390x	libdcmtk2-dev	< 3.6.0-15+deb8u1	libdcmtk2-dev_3.6.0-15+deb8u1_s390x.deb
Debian	8	armhf	libdcmtk2-dev	< 3.6.0-15+deb8u1	libdcmtk2-dev_3.6.0-15+deb8u1_armhf.deb
Debian	8	i386	libdcmtk2-dev	< 3.6.0-15+deb8u1	libdcmtk2-dev_3.6.0-15+deb8u1_i386.deb
Debian	7	amd64	libdcmtk2	< 3.6.0-12+deb7u1	libdcmtk2_3.6.0-12+deb7u1_amd64.deb