group.of.nepali.translators team mailing list archive
Message #49653
[Bug 2081100] Re: Regression: CVE-2021-41687 introduces a segmentation fault on storescu
Fix released in:
Bionic: 3.6.2-3ubuntu0.1~esm3
Xenial: 3.6.1~20150924-5ubuntu0.1~esm3
Focal-esm was rebased to: 3.6.4-2.1ubuntu0.2+esm1
** Changed in: ubuntu-pro/16.04
Status: In Progress => Fix Released
** Changed in: ubuntu-pro/18.04
Status: In Progress => Fix Released
** Changed in: ubuntu-pro/20.04
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2081100
Title:
Regression: CVE-2021-41687 introduces a segmentation fault on storescu
Status in Ubuntu Pro:
Fix Released
Status in Ubuntu Pro 16.04 series:
Fix Released
Status in Ubuntu Pro 18.04 series:
Fix Released
Status in Ubuntu Pro 20.04 series:
Fix Released
Status in dcmtk package in Ubuntu:
Confirmed
Status in dcmtk source package in Xenial:
Won't Fix
Status in dcmtk source package in Bionic:
Won't Fix
Status in dcmtk source package in Focal:
Fix Released
Status in dcmtk source package in Jammy:
Fix Released
Status in dcmtk source package in Noble:
Fix Released
Bug description:
[Impact]
The patch for CVE-2021-41687, below:
commit a9697dfeb672b0b9412c00c7d36d801e27ec85cb
Author: Michael Onken <onken@xxxxxxxxxxxxxxxxxxx>
Date: Sat Oct 2 00:29:56 2021 +0200
Subject: Fixed poss. NULL pointer dereference/double free.
Link: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
takes two very similar functions:
dcmnet/libsrc/assoc.cc
static void destroyPresentationContextList(LST_HEAD ** lst)
dcmnet/libsrc/dulfsm.cc
void destroyPresentationContextList(LST_HEAD ** l)
which have suspiciously similar names, suspiciously similar signatures, and
suspiciously close functionalities, and merges them into a single, new
implementation:
dcmnet/libsrc/helpers.cc
void destroyPresentationContextList(LST_HEAD ** l)
which is pretty much the one from dcmnet/libsrc/dulfsm.cc.
The problem is, they do very different things, and introduce a segmentation
fault any time ASC_destroyAssociationParameters() is called.
This breaks storescp, and there are no workarounds.
Affected versions:
focal 3.6.4-2.1ubuntu0.1
bionic 3.6.2-3ubuntu0.1~esm2
xenial 3.6.1~20150924-5ubuntu0.1~esm2
[Testcase]
$ sudo apt install dcmtk
Download a test .dcm image from:
https://support.dcmtk.org/redmine/projects/dcmtk/wiki/DICOM_images
Open two terminals. On one, run:
$ storescp 1437
Segmentation fault (core dumped)
and on the other:
$ dcmsend localhost 1437 rp_test.dcm
Segmentation fault (core dumped)
Both processes will crash with a segmentation fault after the file has been
transmitted.
If you install test packages from the following PPA:
https://launchpad.net/~mruffell/+archive/ubuntu/sf413845-test
the segmentation faults will no longer occur.
[Where problems can occur]
We are correcting multiple function calls to point back to the old
implementation that it used to use before the changes were made. This function
does have a new name, and there are risks that some functions will slip through
the cracks, as the previous function calls have an identical name as another
function that has an incorrect implementation.
If a regression were to occur, it would likely cause a segmentation fault and
crash, leading to a loss of service. Given that dcmtk is for medical imaging,
reliability is one of the most important things this software needs to deliver.
[Other info]
The issue was fixed by:
commit 32ae3e5137e5a52f61a8dc9186f2539226794217
Author: Michael Onken <onken@xxxxxxxxxxxxxxxxxxx>
Date: Sat Oct 9 22:10:43 2021 +0200
Subject: Fixed bug introduced in a9697d.
Link: https://github.com/DCMTK/dcmtk/commit/32ae3e5137e5a52f61a8dc9186f2539226794217
This patch pretty much restores the implementation from dcmnet/libsrc/assoc.cc
and gives it a new name:
dcmnet/libsrc/assoc.cc
void destroyDULParamPresentationContextList(LST_HEAD ** lst)
noble has the patch in a point release, jammy has the patch as part of
CVE-2021-41687. focal, bionic and xenial need this patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-pro/+bug/2081100/+subscriptions