Debian activities (LTS, ELTS) Link to heading
A security vulnerability CVE-2023-33466 was identified in Orthanc, a DICOM server used for medical imaging, whereby authenticated API users had the capability to overwrite arbitrary files and, in certain configurations, execute unauthorized code.
This update addresses the issue by backporting a safeguard mechanism: the RestApiWriteToFileSystemEnabled option is now included, and it is set to “true” by default in the /etc/orthanc/orthanc.json configuration file. Should users wish to revert to the previous behavior, they can manually set this option to “true” themselves.
DLA-3567-1 c-ares_1.14.0-1+deb10u4, ELA-946-1 c-ares_1.10.0-2+deb8u7, c-ares_1.12.0-1+deb9u6 A vulnerability has been identified in c-ares, an asynchronous name resolver library
CVE-2020-22217: A buffer overflow vulnerability has been found in c-ares before via the function ares_parse_soa_reply in ares_parse_soa_reply.c. This vulnerability was discovered through fuzzing. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial of service condition.
Front-Desk duties for LTS and ELTS.