Hello, Thanks for the report. However, this bug is not specific to the "orthanc" package and should be reassigned to the "dcmtk" package.
To reproduce, in terminal 1: $ docker run --rm -t -i -p 2000:2000 debian:bullseye # apt update && apt install -y dcmtk # storescp 2000 In terminal 2: $ storescu localhost 2000 sample.dcm This results in a segmentation fault in terminal 1. A similar issue is reported in Ubuntu 20.04: https://bugs.launchpad.net/ubuntu/+source/dcmtk/+bug/2081100 Kind Regards, Sébastien- On Mon, 3 Feb 2025 at 15:18, <infra...@alara-group.fr> wrote: > > Package: orthanc > Version: 1.9.2+really1.9.1+dfsg-1+deb11u1 > Severity: grave > Justification: renders package unusable > X-Debbugs-Cc: debian-...@lists.debian.org > > Dear Maintainer, > > The last dcmtk/libdcmtk15 security update (3.6.5-1+deb11u1) causes > orthanc server to segfault as soon as a dicom file is received. > > Here is the content of syslog : > Feb 3 14:02:27 quaoar systemd[1]: Started Lightweight, RESTful DICOM server > for healthcare and medical research. > Feb 3 14:02:46 quaoar kernel: [ 2559.234663] Orthanc[16701]: segfault at > 312e42 ip 00007fea92533c90 sp 00007fea857f9988 error 4 in > libdcmnet.so.15.3.6.5 (deleted)[7fea924cf000+ad000] > Feb 3 14:02:46 quaoar kernel: [ 2559.248240] Code: 48 89 c2 48 c7 40 10 00 > 00 00 00 c6 40 18 00 48 8d 05 04 37 07 00 48 89 02 48 89 5a 20 5b 5d 41 5c e9 > 64 b4 f9 ff 0f 1f 40 00 <48> 83 7f 10 00 41 54 74 27 48 8b 47 08 48 8b 70 08 > 80 7e 18 00 75 > Feb 3 14:02:46 quaoar systemd[1]: orthanc.service: Main process exited, > code=killed, status=11/SEGV > Feb 3 14:02:46 quaoar systemd[1]: orthanc.service: Failed with result > 'signal'. > > I have been able to reproduce this crash on a fresh bullseye install with > default > configuration for everything (and just sending a dicom file on port 4242). > > Reverting the dcmtk/libdcmtk15 to the previous version (3.6.5-1) solves the > problem, but is obviously not an acceptable solution, as it leaves the system > with a security hole. > > Thank you by advance, > > Nicolas Chamouard > > > -- System Information: > Debian Release: 11.11 > APT prefers oldstable-updates > APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, > 'oldstable') > Architecture: amd64 (x86_64) > > Kernel: Linux 5.10.0-33-cloud-amd64 (SMP w/4 CPU threads) > Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not > set > Shell: /bin/sh linked to /usr/bin/dash > Init: systemd (via /run/systemd/system) > LSM: AppArmor: enabled > > Versions of packages orthanc depends on: > ii adduser 3.118+deb11u1 > ii dcmtk 3.6.5-1 > ii init-system-helpers 1.60 > ii libboost-filesystem1.74.0 1.74.0-9 > ii libboost-iostreams1.74.0 1.74.0-9 > ii libboost-locale1.74.0 1.74.0-9 > ii libboost-regex1.74.0 [libboost-regex1.74.0-icu67] 1.74.0-9 > ii libboost-thread1.74.0 1.74.0-9 > ii libc6 2.31-13+deb11u11 > ii libcivetweb1 1.13+dfsg-5 > ii libcurl4 7.74.0-1.3+deb11u14 > ii libdcmtk15 3.6.5-1 > ii libgcc-s1 10.2.1-6 > ii libjpeg62-turbo 1:2.0.6-4 > ii libjsoncpp24 1.9.4-4 > ii liblua5.3-0 5.3.3-1.1+deb11u1 > ii libpng16-16 1.6.37-3 > ii libpugixml1v5 1.11.4-1 > ii libsqlite3-0 3.34.1-3+deb11u1 > ii libssl1.1 1.1.1w-0+deb11u2 > ii libstdc++6 10.2.1-6 > ii libuuid1 2.36.1-8+deb11u2 > ii locales 2.31-13+deb11u11 > ii lsb-base 11.1.0 > ii tzdata 2024b-0+deb11u1 > ii zlib1g 1:1.2.11.dfsg-2+deb11u2 > > orthanc recommends no packages. > > orthanc suggests no packages. > > -- Configuration Files: > /etc/orthanc/credentials.json [Errno 13] Permission non accordée: > '/etc/orthanc/credentials.json' > /etc/orthanc/orthanc.json changed [not included] > > -- no debconf information > _______________________________________________ > Debian-med-packaging mailing list > debian-med-packag...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-med-packaging -- Sébastien Jodogne Web: https://perso.uclouvain.be/sebastien.jodogne/
