An update that fixes two vulnerabilities is now available.
Description:
This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:
Changes in gdcm:
-
Provides/obsoletes moved to lbgdcm-package (Thx DimStar)
-
rename of gdcm-libgdcm3_0 to libgdcm3_0 (proposal S. Br��ns)
-
version 3.0.18
no changelog
-
version 3.0.12
- support for poppler 22.03 added
-
version 3.0.11
- Fix for a significant issue with JPEG-LS and RGB color space
- tons of small bug fixes
-
version 3.0.10 (no changelog)
Changes in orthanc-gdcm:
- Take the configuration option “RestrictTransferSyntaxes” into account
not only for decoding, but also for transcoding
- Upgrade to GDCM 3.0.10 for static builds-
Changes in orthanc:
-
version 1.11.2
- Added support for RGBA64 images in tools/create-dicom and /preview
- New configuration “MaximumStorageMode” to choose between recyling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
- New sample plugin: “DelayedDeletion” that will delete files from disk
asynchronously to speed up deletion of large studies.
- Lua: new “SetHttpTimeout” function
- Lua: new “OnHeartBeat” callback called at regular interval provided
that you have configured “LuaHeartBeatPeriod” > 0.
- “ExtraMainDicomTags” configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
“MainDicomSequences”. This should improve DicomWeb QIDO-RS and avoid
warnings like “Accessing Dicom tags from storage when accessing series
: 0040,0275”. Main dicom sequences can now be returned in
“MainDicomTags” and in “RequestedTags”.
- Fix the “Never” option of the “StorageAccessOnFind” that was sill
accessing files (bug introduced in 1.11.0).
- Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
- Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin “/rendered” route performance issues.
- DelayedDeletion plugin: Fix leaking of symbols
- SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
- Fix static compilation of boost 1.69 on Ubuntu 22.04
- Upgraded dependencies for static builds:
- boost 1.80.0
- dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
- openssl 3.0.5
- Housekeeper plugin: Fix resume of previous processing
- Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
- Improved HttpClient error logging (add method + url)
- API version upgraded to 18
- /system is now reporting “DatabaseServerIdentifier”
- Added an Asynchronous mode to /modalities/…/move.
- “RequestedTags” option can now include DICOM sequences.
- New function in the SDK: “OrthancPluginGetDatabaseServerIdentifier”
- DicomMap::ParseMainDicomTags has been deprecated -> retrieve “full”
tags and use DicomMap::FromDicomAsJson instead
-
version 1.11.0
- new API version 1.7
- new configuration parameter
- for detailed changelog see NEWS
- for detailed changelog see NEWS
- New configuration option “DicomAlwaysAllowMove” to disable verification
of the remote modality in C-MOVE SCP
- API version upgraded to 15
- Added “Level” option to POST /tools/bulk-modify
- Added missing OpenAPI documentation of “KeepSource” in “…/modify” and
“…/anonymize”
- Added file CITATION.cff
- Linux Standard Base (LSB) builds of Orthanc can load non-LSB builds of
plugins
- Fix upload of ZIP archives containing a DICOMDIR file
- Fix computation of the estimated time of arrival in jobs
- Support detection of windowing and rescale in Philips multiframe images
Changes in orthanc-webviewer:
- version 2.8
- Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
- framework190.diff removed (covered in actual version)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: