** Summary changed: - Segmentation fault after installing ubuntu 20.04 security update 3.6.4-2.1ubuntu0.1 + Regression: CVE-2021-41687 introduces a segmentation fault on storescu
** Description changed: - Dear package maintainers of dcmtk, libdcmtk14, libdcmtk-dev, + [Impact] - Today, we have applied the latest update 3.6.4-2.1ubuntu0.1. See details https://ubuntu.pkgs.org/20.04/ubuntu-updates-universe-arm64/libdcmtk14_3.6.4-2.1ubuntu0.1_arm64.deb.html - ' - When running the dcmtk tool storescu, sending data is performed correctly, but the tool crashes. The last 3 lines of the command line output are: - I: Received Store Response (Success) - I: Releasing Association + The patch for CVE-2021-41687, below: + + commit a9697dfeb672b0b9412c00c7d36d801e27ec85cb + Author: Michael Onken <[email protected]> + Date: Sat Oct 2 00:29:56 2021 +0200 + Subject: Fixed poss. NULL pointer dereference/double free. + Link: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb + + takes two very similar functions: + + dcmnet/libsrc/assoc.cc + static void destroyPresentationContextList(LST_HEAD ** lst) + + dcmnet/libsrc/dulfsm.cc + void destroyPresentationContextList(LST_HEAD ** l) + + which have suspiciously similar names, suspiciously similar signatures, and + suspiciously close functionalities, and merges them into a single, new + implementation: + + dcmnet/libsrc/helpers.cc + void destroyPresentationContextList(LST_HEAD ** l) + + which is pretty much the one from dcmnet/libsrc/dulfsm.cc. + + The problem is, they do very different things, and introduce a segmentation + fault any time ASC_destroyAssociationParameters() is called. + + This breaks storescp, and there are no workarounds. + + Affected versions: + focal 3.6.4-2.1ubuntu0.1 + bionic 3.6.2-3ubuntu0.1~esm2 + xenial 3.6.1~20150924-5ubuntu0.1~esm2 + + [Testcase] + + $ sudo apt install dcmtk + + Download a test .dcm image from: + https://support.dcmtk.org/redmine/projects/dcmtk/wiki/DICOM_images + + Open two terminals. On one. run: + $ storescp 1437 Segmentation fault (core dumped) - According to our analysis, the code crashes when function - ASC_destroyAssociation(...) is called. 
+ and on the other: + $ dcmsend localhost 1437 rp_test.dcm + Segmentation fault (core dumped) - If I downgrade to package version 3.6.4-2.1build2, everything works - fine. + Both processes will segmentation fault after the file has been + transmitted. - Could you please investigate this issue? + If you install test packages from the following ppa: - Bye, - Andreas Zolnay + https://launchpad.net/~mruffell/+archive/ubuntu/sf413845-test + + The segmentation faults will no longer occur. + + [Where problems can occur] + + We are correcting multiple function calls to point back to the old + implementation that it used to use before the changes were made. This function + does have a new name, and there are risks that some functions will slip through + the cracks, as the previous function calls have an identical name as another + function that has an incorrect implementation. + + If a regression were to occur, it would likely cause a segmentation fault and + crash, leading to a loss of service. Given that dcmtk is for medical imaging, + reliability is one of the most important things this software needs to deliver. + + [Other info] + + The issue was fixed by: + + commit 32ae3e5137e5a52f61a8dc9186f2539226794217 + Author: Michael Onken <[email protected]> + Date: Sat Oct 9 22:10:43 2021 +0200 + Subject: Fixed bug introduced in a9697d. + Link: https://github.com/DCMTK/dcmtk/commit/32ae3e5137e5a52f61a8dc9186f2539226794217 + + This patch pretty much restores the implementation from dcmnet/libsrc/assoc.cc + and gives it a new name: + + dcmnet/libsrc/assoc.cc + void destroyDULParamPresentationContextList(LST_HEAD ** lst) + + noble has the patch in a point release, jammy has the patch as part of + CVE-2021-41687. focal, bionic and xenial need this patch. 
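Review bot: the new summary (and the bug title) names storescu, but the [Impact] text says "This breaks storescp" and the [Testcase] shows both storescp and dcmsend dying with "Segmentation fault (core dumped)"; since the crash occurs any time ASC_destroyAssociationParameters() is called, the summary should say the regression hits both the SCP and SCU side (or name libdcmtk14) rather than a single tool. In the [Testcase], the line "$ storescp 1437 Segmentation fault (core dumped)" runs the command and its later output together; splitting it as the dcmsend step does would make the expected outcome unambiguous. The [Impact] text also drops the reporter's original observation that storescu itself crashes after "I: Releasing Association", which is the only line tying the title's storescu to the symptom.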
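An added regression check for the [Testcase] above (not from the bug report or from dcmtk): it runs the storescp/dcmsend round trip on port 1437 and reports whether either side died with SIGSEGV, assuming dcmtk is installed and the path of a test .dcm file is passed as the first argument.

```shell
#!/bin/bash
# Added regression check for the storescp/dcmsend testcase (not part of the bug
# report). Assumes dcmtk is installed; $1 is a test .dcm file; port 1437 is
# the one used in the testcase.

PORT=1437

# Map a shell exit status to a verdict. A process killed by a signal exits
# with 128+signal, so SIGSEGV (11) shows up as 139.
classify_status() {
    case "$1" in
        0)   echo "ok" ;;
        139) echo "segfault" ;;
        *)   echo "error:$1" ;;
    esac
}

# Start storescp, send one file with dcmsend, and report both verdicts as
# "server=<verdict> client=<verdict>". Returns 0 only if neither side crashed.
run_storescp_roundtrip() {
    local dcm="$1" server_pid server_status client_status
    storescp "$PORT" >/dev/null 2>&1 &
    server_pid=$!
    sleep 1   # give the listener time to bind

    if dcmsend localhost "$PORT" "$dcm" >/dev/null 2>&1; then
        client_status=0
    else
        client_status=$?
    fi

    # storescp keeps listening after a successful transfer, so "still alive"
    # is the good outcome; if it has died, collect its exit status instead.
    sleep 1
    if kill -0 "$server_pid" 2>/dev/null; then
        kill "$server_pid"; wait "$server_pid" 2>/dev/null
        server_status=0
    else
        wait "$server_pid"; server_status=$?
    fi

    echo "server=$(classify_status "$server_status") client=$(classify_status "$client_status")"
    [ "$server_status" -eq 0 ] && [ "$client_status" -eq 0 ]
}

# Only run the round trip when dcmtk and a test file are actually available.
if command -v storescp >/dev/null 2>&1 && [ -f "${1:-}" ]; then
    run_storescp_roundtrip "$1"
fi
```

With the affected 3.6.4-2.1ubuntu0.1 packages the expected report is "server=segfault client=segfault"; with the fixed packages from the test PPA it is "server=ok client=ok".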
** Also affects: ubuntu-pro
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/20.04
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/16.04
   Importance: Undecided
       Status: New

** Also affects: ubuntu-pro/18.04
   Importance: Undecided
       Status: New

** Changed in: dcmtk (Ubuntu Xenial)
       Status: New => Won't Fix

** Changed in: dcmtk (Ubuntu Bionic)
       Status: New => Won't Fix

** Changed in: dcmtk (Ubuntu Focal)
       Status: New => Won't Fix

** Changed in: ubuntu-pro/16.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/16.04
       Status: New => In Progress

** Changed in: ubuntu-pro/16.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: ubuntu-pro/18.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/18.04
       Status: New => In Progress

** Changed in: ubuntu-pro/18.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

** Changed in: ubuntu-pro/20.04
   Importance: Undecided => Medium

** Changed in: ubuntu-pro/20.04
       Status: New => In Progress

** Changed in: ubuntu-pro/20.04
     Assignee: (unassigned) => Matthew Ruffell (mruffell)

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2081100

Title:
  Regression: CVE-2021-41687 introduces a segmentation fault on storescu

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
