** Summary changed:

- Segmentation fault after installing ubuntu 20.04 security update 3.6.4-2.1ubuntu0.1
+ Regression: CVE-2021-41687 introduces a segmentation fault on storescu
** Description changed:

- Dear package maintainers of dcmtk, libdcmtk14, libdcmtk-dev,
+ [Impact]
- Today, we have applied the latest update 3.6.4-2.1ubuntu0.1. See details https://ubuntu.pkgs.org/20.04/ubuntu-updates-universe-arm64/libdcmtk14_3.6.4-2.1ubuntu0.1_arm64.deb.html
- '
- When running the dcmtk tool storescu, sending data is performed correctly, but the tool crashes. The last 3 lines of the command line output are:
- I: Received Store Response (Success)
- I: Releasing Association
+ The patch for CVE-2021-41687, below:
+
+ commit a9697dfeb672b0b9412c00c7d36d801e27ec85cb
+ Author: Michael Onken <[email protected]>
+ Date: Sat Oct 2 00:29:56 2021 +0200
+ Subject: Fixed poss. NULL pointer dereference/double free.
+ Link: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
+
+ takes two very similar functions:
+
+ dcmnet/libsrc/assoc.cc
+ static void destroyPresentationContextList(LST_HEAD ** lst)
+
+ dcmnet/libsrc/dulfsm.cc
+ void destroyPresentationContextList(LST_HEAD ** l)
+
+ which have suspiciously similar names, suspiciously similar signatures, and
+ suspiciously close functionalities, and merges them into a single, new
+ implementation:
+
+ dcmnet/libsrc/helpers.cc
+ void destroyPresentationContextList(LST_HEAD ** l)
+
+ which is pretty much the one from dcmnet/libsrc/dulfsm.cc.
+
+ The problem is, they do very different things, and introduce a segmentation
+ fault any time ASC_destroyAssociationParameters() is called.
+
+ This breaks storescp, and there are no workarounds.
+
+ Affected versions:
+ focal 3.6.4-2.1ubuntu0.1
+ bionic 3.6.2-3ubuntu0.1~esm2
+ xenial 3.6.1~20150924-5ubuntu0.1~esm2
+
+ [Testcase]
+
+ $ sudo apt install dcmtk
+
+ Download a test .dcm image from:
+ https://support.dcmtk.org/redmine/projects/dcmtk/wiki/DICOM_images
+
+ Open two terminals. On one, run:
+ $ storescp 1437
  Segmentation fault (core dumped)
- According to our analysis, the code crashes when function
- ASC_destroyAssociation(...) is called.
+ and on the other:
+ $ dcmsend localhost 1437 rp_test.dcm
+ Segmentation fault (core dumped)
- If I downgrade to package version 3.6.4-2.1build2, everything works
- fine.
+ Both processes will segmentation fault after the file has been
+ transmitted.
- Could you please investigate this issue?
+ If you install test packages from the following ppa:
- Bye,
- Andreas Zolnay
+ https://launchpad.net/~mruffell/+archive/ubuntu/sf413845-test
+
+ The segmentation faults will no longer occur.
+
+ [Where problems can occur]
+
+ We are correcting multiple function calls to point back to the old
+ implementation that it used to use before the changes were made. This function
+ does have a new name, and there are risks that some functions will slip through
+ the cracks, as the previous function calls have an identical name as another
+ function that has an incorrect implementation.
+
+ If a regression were to occur, it would likely cause a segmentation fault and
+ crash, leading to a loss of service. Given that dcmtk is for medical imaging,
+ reliability is one of the most important things this software needs to deliver.
+
+ [Other info]
+
+ The issue was fixed by:
+
+ commit 32ae3e5137e5a52f61a8dc9186f2539226794217
+ Author: Michael Onken <[email protected]>
+ Date: Sat Oct 9 22:10:43 2021 +0200
+ Subject: Fixed bug introduced in a9697d.
+ Link: https://github.com/DCMTK/dcmtk/commit/32ae3e5137e5a52f61a8dc9186f2539226794217
+
+ This patch pretty much restores the implementation from dcmnet/libsrc/assoc.cc
+ and gives it a new name:
+
+ dcmnet/libsrc/assoc.cc
+ void destroyDULParamPresentationContextList(LST_HEAD ** lst)
+
+ noble has the patch in a point release, jammy has the patch as part of
+ CVE-2021-41687. focal, bionic and xenial need this patch.
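The regression described above comes down to two same-named helpers that walked lists of different element types behind an untyped LST_HEAD **, so the compiler had no way to notice when callers in assoc.cc were pointed at the dulfsm.cc logic. The following added example (not DCMTK's code; every type, member and function name is a hypothetical stand-in) models that in miniature and shows the defensive tag check a destroy routine can make before interpreting an element's layout, alongside the distinct naming the fix adopted.

```cpp
// Added example, not DCMTK code: miniature model of the a9697d regression; all names are hypothetical.
#include <cstdio>
#include <vector>
enum class Kind { ParamCtx, PduItem };
struct Tagged { Kind kind; };                                           // header read before any cast
struct ParamCtx : Tagged { std::vector<int*> proposedTransferSyntax; }; // layout assoc.cc's helper walked
struct PduItem  : Tagged { int* transferSyntax = nullptr; };            // layout dulfsm.cc's helper walked
using UntypedList = std::vector<void*>;  // like LST_HEAD: the element type is invisible to the compiler
int g_frees = 0;                         // counts releases so the outcome can be checked
// Tag checked before the layout is interpreted: a list of the other kind is refused (-1), not freed.
static bool allOfKind(const UntypedList& l, Kind k) {
    for (void* p : l) if (static_cast<Tagged*>(p)->kind != k) return false;
    return true;
}
int destroyPduItemList(UntypedList& l) {
    if (!allOfKind(l, Kind::PduItem)) return -1;
    for (void* p : l) {
        auto* it = static_cast<PduItem*>(p);
        if (it->transferSyntax) { delete it->transferSyntax; ++g_frees; }
        delete it; ++g_frees;
    }
    int n = static_cast<int>(l.size()); l.clear(); return n;
}
int destroyParamCtxList(UntypedList& l) {  // distinct name for the other layout, as the 32ae3e fix did
    if (!allOfKind(l, Kind::ParamCtx)) return -1;
    for (void* p : l) {
        auto* c = static_cast<ParamCtx*>(p);
        for (int* ts : c->proposedTransferSyntax) { delete ts; ++g_frees; }
        delete c; ++g_frees;
    }
    int n = static_cast<int>(l.size()); l.clear(); return n;
}
// Constructed input: n parameter contexts, each proposing two transfer syntaxes.
UntypedList makeParamCtxList(int n) {
    UntypedList l;
    for (int i = 0; i < n; ++i) {
        auto* c = new ParamCtx{};
        c->kind = Kind::ParamCtx;
        c->proposedTransferSyntax = { new int(1), new int(2) };
        l.push_back(c);
    }
    return l;
}
int main() {  // hand a parameter-context list to the PDU destroyer, as the merged helper did
    UntypedList l = makeParamCtxList(3);
    int refused = destroyPduItemList(l);   // -1: wrong kind, nothing freed
    int released = destroyParamCtxList(l); // 3 contexts released, 9 frees in total
    std::printf("refused=%d released=%d frees=%d\n", refused, released, g_frees);
}
```

In the real library the mismatch went undetected until the wrong layout was freed; the tag check turns that into an error return that a caller or a unit test can assert on.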
** Also affects: ubuntu-pro
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/20.04
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/16.04
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/18.04
   Importance: Undecided
       Status: New

** Changed in: dcmtk (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: dcmtk (Ubuntu Bionic)
       Status: New => Won't Fix

** Changed in: dcmtk (Ubuntu Focal)
       Status: New => Won't Fix

** Changed in: ubuntu-pro/16.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/16.04
       Status: New => In Progress

** Changed in: ubuntu-pro/16.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: ubuntu-pro/18.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/18.04
       Status: New => In Progress

** Changed in: ubuntu-pro/18.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: ubuntu-pro/20.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/20.04
       Status: New => In Progress

** Changed in: ubuntu-pro/20.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

-- 
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2081100

Title:
  Regression: CVE-2021-41687 introduces a segmentation fault on storescu

Status in Ubuntu Pro:
  In Progress
Status in Ubuntu Pro 16.04 series:
  In Progress
Status in Ubuntu Pro 18.04 series:
  In Progress
Status in Ubuntu Pro 20.04 series:
  In Progress
Status in dcmtk package in Ubuntu:
  Confirmed
Status in dcmtk source package in Xenial:
  Won't Fix
Status in dcmtk source package in Bionic:
  Won't Fix
Status in dcmtk source package in Focal:
  Won't Fix
Status in dcmtk source package in Jammy:
  Fix Released
Status in dcmtk source package in Noble:
  Fix Released

Bug description:
  [Impact]

  The patch for CVE-2021-41687, below:

  commit a9697dfeb672b0b9412c00c7d36d801e27ec85cb
  Author: Michael Onken <[email protected]>
  Date: Sat Oct 2 00:29:56 2021 +0200
  Subject: Fixed poss. NULL pointer dereference/double free.
  Link: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb

  takes two very similar functions:

  dcmnet/libsrc/assoc.cc
  static void destroyPresentationContextList(LST_HEAD ** lst)

  dcmnet/libsrc/dulfsm.cc
  void destroyPresentationContextList(LST_HEAD ** l)

  which have suspiciously similar names, suspiciously similar signatures, and
  suspiciously close functionalities, and merges them into a single, new
  implementation:

  dcmnet/libsrc/helpers.cc
  void destroyPresentationContextList(LST_HEAD ** l)

  which is pretty much the one from dcmnet/libsrc/dulfsm.cc.

  The problem is, they do very different things, and introduce a segmentation
  fault any time ASC_destroyAssociationParameters() is called.

  This breaks storescp, and there are no workarounds.

  Affected versions:
  focal 3.6.4-2.1ubuntu0.1
  bionic 3.6.2-3ubuntu0.1~esm2
  xenial 3.6.1~20150924-5ubuntu0.1~esm2

  [Testcase]

  $ sudo apt install dcmtk

  Download a test .dcm image from:
  https://support.dcmtk.org/redmine/projects/dcmtk/wiki/DICOM_images

  Open two terminals. On one, run:
  $ storescp 1437
  Segmentation fault (core dumped)

  and on the other:
  $ dcmsend localhost 1437 rp_test.dcm
  Segmentation fault (core dumped)

  Both processes will segmentation fault after the file has been
  transmitted.

  If you install test packages from the following ppa:

  https://launchpad.net/~mruffell/+archive/ubuntu/sf413845-test

  The segmentation faults will no longer occur.

  [Where problems can occur]

  We are correcting multiple function calls to point back to the old
  implementation that it used to use before the changes were made. This function
  does have a new name, and there are risks that some functions will slip through
  the cracks, as the previous function calls have an identical name as another
  function that has an incorrect implementation.

  If a regression were to occur, it would likely cause a segmentation fault and
  crash, leading to a loss of service. Given that dcmtk is for medical imaging,
  reliability is one of the most important things this software needs to deliver.

  [Other info]

  The issue was fixed by:

  commit 32ae3e5137e5a52f61a8dc9186f2539226794217
  Author: Michael Onken <[email protected]>
  Date: Sat Oct 9 22:10:43 2021 +0200
  Subject: Fixed bug introduced in a9697d.
  Link: https://github.com/DCMTK/dcmtk/commit/32ae3e5137e5a52f61a8dc9186f2539226794217

  This patch pretty much restores the implementation from dcmnet/libsrc/assoc.cc
  and gives it a new name:

  dcmnet/libsrc/assoc.cc
  void destroyDULParamPresentationContextList(LST_HEAD ** lst)

  noble has the patch in a point release, jammy has the patch as part of
  CVE-2021-41687. focal, bionic and xenial need this patch.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-pro/+bug/2081100/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

