[SECURITY] Fedora 40 Update: gdcm-3.0.23-5.fc40

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-fae33e6e9f 2024-05-05 02:00:42.524244 -------------------------------------------------------------------------------- Name : gdcm Product : Fedora 40 Version : 3.0.23 Release : 5.fc40 URL : https://sourceforge.net/projects/gdcm/ Summary : Grassroots DiCoM is a C++ library to parse DICOM medical files Description : Grassroots DiCoM (GDCM) is a C++ library for DICOM medical files. It supports ACR-NEMA version 1 and 2 (huffman compression is not supported), RAW, JPEG, JPEG 2000, JPEG-LS, RLE and deflated transfer syntax. It comes with a super fast scanner implementation to quickly scan hundreds of DICOM files. It supports SCU network operations (C-ECHO, C-FIND, C-STORE, C-MOVE). PS 3.3 & 3.6 are distributed as XML files. It also provides PS 3.15 certificates and password based mechanism to anonymize and de-identify DICOM datasets. -------------------------------------------------------------------------------- Update Information: Security fixes TALOS-2024-1924, CVE-2024-22391: heap overflow TALOS-2024-1935, CVE-2024-22373: out-of-bounds write TALOS-2024-1944, CVE-2024-25569: out-of-bounds read Bug fixes Replace deprecated PyEval_CallObject for compatibility with Python 3.13 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 26 2024 Sandro <devel(a)penguinpee.nl&gt; - 3.0.23-5 - Apply security patches - Fix TALOS-2024-1924, CVE-2024-22391 (RHBZ#2277288) - Fix TALOS-2024-1935, CVE-2024-22373 (RHBZ#2277292) - Fix TALOS-2024-1944, CVE-2024-25569 (RHBZ#2277296) * Fri Apr 19 2024 Sandro <devel(a)penguinpee.nl&gt; - 3.0.23-4 - Replace deprecated PyEval_CallObject() (RHBZ#2245816) * Fri Mar 22 2024 S��rgio M. Basto <sergio(a)serjux.com&gt; - 3.0.23-3 - Update URL -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277284 - CVE-2024-22391 gdcm: crafted malformed file can lead to memory corruption due to heap overflow https://bugzilla.redhat.com/show_bug.cgi?id=2277284 [ 2 ] Bug #2277289 - CVE-2024-22373 gdcm: out-of-bounds write vulnerability lead to a heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=2277289 [ 3 ] Bug #2277293 - CVE-2024-25569 gdcm: out-of-bounds read vulnerability in the RAWCodec::DecodeBytes https://bugzilla.redhat.com/show_bug.cgi?id=2277293 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-fae33e6e9f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------