Ubuntu
dcmtk package

dcmtk < 3.6.7 vulnerabilities

Asked by Eduardo Hoefel

According to https://www.cvedetails.com/vulnerability-list/vendor_id-13397/product_id-27867/Offis-Dcmtk.html, versions of dcmtk prior to 3.6.7 have critical vulnerabilities which I want to avoid. However, dcmtk 3.6.7 is only proposed to be released on 22.10 according to https://launchpad.net/ubuntu/kinetic/amd64/dcmtk/3.6.7-6. I'd like to install it in Ubuntu 22.04 which is LTS. How can I do it?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu dcmtk Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

Relevant Links:
https://ubuntu.com/security/cves?q=&package=dcmtk
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014044

The correct way to get the packages updated for jammy is either creating a bug report to request patching the software against the vulnerabilities or backporting the version in kinetic to jammy, or creating a PPA with that version.

If you want to try installing the updated version that has been packages from kinetic, then you have to download the *.deb files from launchpad manually. This is not a recommended procedure, but should be possible in this case (I assume that all dependencies can be met on jammy).

Visit https://launchpad.net/ubuntu/+source/dcmtk
Click on the triangle besides kinetic to unfold the paragraph
Download the libdcmtk17_3.6.7-6_amd64.deb and dcmtk_3.6.7-6_amd64.deb packages to your system (or those for your architecture if you don't run an intel-based 64 bit system) and install the packages with
sudo dpkg -i *dcmtk*.deb

Can you help with this problem?

Provide an answer of your own, or ask Eduardo Hoefel for more information if necessary.

To post a message you must log in.