An update that fixes two vulnerabilities is now available.
Description:
This update for gdcm, orthanc, orthanc-gdcm, orthanc-webviewer fixes the
following issues:
Changes in gdcm:
Changes in orthanc-gdcm:
- changed dependency gdcm-libgdcm3_0 -> libgdcm3_0
Changes in orthanc:
- version 1.11.2
- Added support for RGBA64 images in tools/create-dicom and /preview
- New configuration “MaximumStorageMode” to choose between recyling of
old patients (default behavior) and rejection of new incoming data
when the MaximumStorageSize has been reached.
- New sample plugin: “DelayedDeletion” that will delete files from disk
asynchronously to speed up deletion of large studies.
- Lua: new “SetHttpTimeout” function
- Lua: new “OnHeartBeat” callback called at regular interval provided
that you have configured “LuaHeartBeatPeriod” > 0.
- “ExtraMainDicomTags” configuration now accepts Dicom Sequences.
Sequences are stored in a dedicated new metadata
“MainDicomSequences”. This should improve DicomWeb QIDO-RS and avoid
warnings like “Accessing Dicom tags from storage when accessing series
: 0040,0275”. Main dicom sequences can now be returned in
“MainDicomTags” and in “RequestedTags”.
- Fix the “Never” option of the “StorageAccessOnFind” that was sill
accessing files (bug introduced in 1.11.0).
- Fix the Storage Cache for compressed files (bug introduced in 1.11.1).
- Fix the storage cache that was not used by the Plugin SDK. This fixes
the DicomWeb plugin “/rendered” route performance issues.
- DelayedDeletion plugin: Fix leaking of symbols
- SQLite now closes and deletes WAL and SHM files on exit. This should
improve handling of SQLite DB over network drives.
- Fix static compilation of boost 1.69 on Ubuntu 22.04
- Upgraded dependencies for static builds:
- boost 1.80.0
- dcmtk 3.6.7 (fixes CVE-2022-2119 and CVE-2022-2120)
- openssl 3.0.5
- Housekeeper plugin: Fix resume of previous processing
- Added missing MOVEPatientRootQueryRetrieveInformationModel in
DicomControlUserConnection::SetupPresentationContexts()
- Improved HttpClient error logging (add method + url)
- API version upgraded to 18
- /system is now reporting “DatabaseServerIdentifier”
- Added an Asynchronous mode to /modalities/…/move.
- “RequestedTags” option can now include DICOM sequences.
- New function in the SDK: “OrthancPluginGetDatabaseServerIdentifier”
- DicomMap::ParseMainDicomTags has been deprecated -> retrieve “full”
tags and use DicomMap::FromDicomAsJson instead
Changes in orthanc-webviewer:
-
version 2.8
- Fix XSS inside DICOM in Orthanc Web Viewer (as reported by Stuart
Kurutac, NCC Group)
- framework190.diff removed (covered in actual version)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: