Debian Bug report logs - #1040597
orthanc: CVE-2023-33466
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>: Bug#1040597; Package src:orthanc. (Fri, 07 Jul 2023 19:00:17 GMT)
Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org>. (Fri, 07 Jul 2023 19:00:17 GMT)
Message #5 received at submit@bugs.debian.org:
Source: orthanc
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for orthanc.

CVE-2023-33466[0]:
| Orthanc before 1.12.0 allows authenticated users with access to the
| Orthanc API to overwrite arbitrary files on the file system, and in
| specific deployment scenarios allows the attacker to overwrite the
| configuration, which can be exploited to trigger Remote Code
| Execution (RCE).

https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33466
https://www.cve.org/CVERecord?id=CVE-2023-33466

Please adjust the affected versions in the BTS as needed.

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 08 Jul 2023 06:30:02 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 8 11:57:36 2023; Machine Name: buxtehude