openSUSE Security Update: Security update for dcmtk
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2025:0053-1
Rating:             important
References:         #1223925 #1223943 #1227235 #1235810 #1235811 
                    
Cross-References:   CVE-2024-27628 CVE-2024-34508 CVE-2024-34509
                    CVE-2024-47796 CVE-2024-52333
Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for dcmtk fixes the following issues:

   Update to 3.6.9. See DOCS/CHANGES.368 for the full list of changes

   Security issues fixed:

   - CVE-2024-27628: Fixed buffer overflow via the EctEnhancedCT method
     (boo#1227235)
   - CVE-2024-34508: Fixed a segmentation fault via an invalid DIMSE message
     (boo#1223925)
   - CVE-2024-34509: Fixed segmentation fault via an invalid DIMSE message
     (boo#1223943)
   - CVE-2024-47796: Fixed out-of-bounds write due to improper array index
     validation in the nowindow functionality (boo#1235810)
   - CVE-2024-52333: Fixed out-of-bounds write due to improper array index
     validation in the determineMinMax functionality (boo#1235811)

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2025-53=1

Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

      dcmtk-3.6.9-bp156.4.3.1
      dcmtk-devel-3.6.9-bp156.4.3.1
      libdcmtk19-3.6.9-bp156.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2024-27628.html
   https://www.suse.com/security/cve/CVE-2024-34508.html
   https://www.suse.com/security/cve/CVE-2024-34509.html
   https://www.suse.com/security/cve/CVE-2024-47796.html
   https://www.suse.com/security/cve/CVE-2024-52333.html
   https://bugzilla.suse.com/1223925
   https://bugzilla.suse.com/1223943
   https://bugzilla.suse.com/1227235
   https://bugzilla.suse.com/1235810
   https://bugzilla.suse.com/1235811