Forum: >>> Magnum BBS <<<

[RFR] wml://security/2023/dsa-547{2,3}.wml

From Jean-Pierre Giraud@21:1/5 to All on Thu Aug 10 08:20:01 2023

--=-mtC2lVBvq3Xz3SN9U7FO
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Bonjour,
deux nouvelles annonces de sécurité ont été publiées. En voici une traduction. Merci d'avance pour vos relectures.
Amicalement,
jipege

--=-mtC2lVBvq3Xz3SN9U7FO
Content-Disposition: attachment; filename="dsa-5473.wml" Content-Transfer-Encoding: base64
Content-Type: text/vnd.wap.wml; name="dsa-5473.wml"; charset="UTF-8"

I3VzZSB3bWw6OmRlYmlhbjo6dHJhbnNsYXRpb24tY2hlY2sgdHJhbnNsYXRpb249IjY1ZmZmNmY3 MWZjNGYyYzhiNjk5MzkxZjA4NTVkODZlZDgwNWI5NmIiIG1haW50YWluZXI9IkplYW4tUGllcnJl IEdpcmF1ZCIKPGRlZmluZS10YWcgZGVzY3JpcHRpb24+TWlzZSDDoCBqb3VyIGRlIHPDqWN1cml0 w6k8L2RlZmluZS10YWc+CjxkZWZpbmUtdGFnIG1vcmVpbmZvPgo8cD5MZXMgdXRpbGlzYXRldXJz IGF1dGhlbnRpZmnDqXMgZGUgbCdBUEkgZCdPcnRoYW5jLCB1biBzZXJ2ZXVyIERJQ09NIHBvdXIK bCdpbWFnZXJpZSBtw6lkaWNhbGUsIHBvdXZhaXQgw6ljcmFzZXIgZGVzIGZpY2hpZXJzIGFyYml0 cmFpcmVzIGV0LCBkYW5zCmNlcnRhaW5lcyBjb25maWd1cmF0aW9ucywgZXjDqWN1dGVyIGR1IGNv ZGUgYXJiaXRyYWlyZS48L3A+Cgo8cD5DZXR0ZSBtaXNlIMOgIGpvdXIgcsOpdHJvcG9ydGUgbCdv cHRpb24gUmVzdEFwaVdyaXRlVG9GaWxlU3lzdGVtRW5hYmxlZCwKbGEgZMOpZmluaXNzYW50IMOg IDxxPnRydWU8L3E+IGRhbnMgL2V0Yy9vcnRoYW5jL29ydGhhbmMuanNvbiwgZWxsZSByZXN0YXVy ZQpsZSBjb21wb3J0ZW1lbnQgYW50w6lyaWV1ci48L3A+Cgo8cD5Qb3VyIGxhIGRpc3RyaWJ1dGlv biBvbGRzdGFibGUgKEJ1bGxzZXllKSwgY2UgcHJvYmzDqG1lIGEgw6l0w6kgY29ycmlnw6kKZGFu cyBsYSB2ZXJzaW9uwqAxLjkuMityZWFsbHkxLjkuMStkZnNnLTErZGViMTF1MS48L3A+Cgo8cD5Q b3VyIGxhIGRpc3RyaWJ1dGlvbiBzdGFibGUgKEJvb2t3b3JtKSwgY2UgcHJvYmzDqG1lIGEgw6l0 w6kgY29ycmlnw6kgZGFucwpsYSB2ZXJzaW9uwqAxLjEwLjErZGZzZy0yK2RlYjEydTEuPC9wPgoK PHA+Tm91cyB2b3VzIHJlY29tbWFuZG9ucyBkZSBtZXR0cmUgw6Agam91ciB2b3MgcGFxdWV0cyBv cnRoYW5jLjwvcD4KCjxwPlBvdXIgZGlzcG9zZXIgZCd1biDDqXRhdCBkw6l0YWlsbMOpIHN1ciBs YSBzw6ljdXJpdMOpIGRlIG9ydGhhbmMsIHZldWlsbGV6CmNvbnN1bHRlciBzYSBwYWdlIGRlIHN1 aXZpIGRlIHPDqWN1cml0w6kgw6AgbCdhZHJlc3NlwqA6CjxhIGhyZWY9Imh0dHBzOi8vc2VjdXJp dHktdHJhY2tlci5kZWJpYW4ub3JnL3RyYWNrZXIvb3J0aGFuYyI+XApodHRwczovL3NlY3VyaXR5 LXRyYWNrZXIuZGViaWFuLm9yZy90cmFja2VyL29ydGhhbmM8L2E+LjwvcD4KPC9kZWZpbmUtdGFn PgoKIyBkbyBub3QgbW9kaWZ5IHRoZSBmb2xsb3dpbmcgbGluZQojaW5jbHVkZSAiJChFTkdMSVNI RElSKS9zZWN1cml0eS8yMDIzL2RzYS01NDczLmRhdGEiCiMgJElkOiAkCg==

--=-mtC2lVBvq3Xz3SN9U7FO
Content-Disposition: attachment; filename="dsa-5472.wml" Content-Transfer-Encoding: base64
Content-Type: text/vnd.wap.wml; name="dsa-5472.wml"; charset="UTF-8"

I3VzZSB3bWw6OmRlYmlhbjo6dHJhbnNsYXRpb24tY2hlY2sgdHJhbnNsYXRpb249IjI4YzgyMzI4 ZjIwNjUyNTEwMjFmN2ZhMzM3ODI5ZDljMzQ0MGFjNzAiIG1haW50YWluZXI9IkplYW4tUGllcnJl IEdpcmF1ZCIKPGRlZmluZS10YWcgZGVzY3JpcHRpb24+TWlzZSDDoCBqb3VyIGRlIHPDqWN1cml0 w6k8L2RlZmluZS10YWc+CjxkZWZpbmUtdGFnIG1vcmVpbmZvPgo8cD5VbmUgaW1wbMOpbWVudGF0 aW9uIGluY29ycmVjdGUgZHUgZMOpY2hpZmZyZW1lbnQgQUVTIEdDTSBkYW5zIGNqb3NlLCB1bmUK YmlibGlvdGjDqHF1ZcKgQyBtZXR0YW50IGVuIMWTdXZyZSBsYSBub3JtZSBKT1NFLCBwb3V2YWl0 IHBlcm1ldHRyZSDDoCB1bgphdHRhcXVhbnQgZGUgZm91cm5pciB1bmUgw6l0aXF1ZXR0ZSBk4oCZ YXV0aGVudGlmaWNhdGlvbiB0cm9ucXXDqWUgZXQgZGUKbW9kaWZpZXIgbCdvYmpldCBKV0UuPC9w PgoKPHA+UG91ciBsYSBkaXN0cmlidXRpb24gb2xkc3RhYmxlIChCdWxsc2V5ZSksIGNlIHByb2Js w6htZSBhIMOpdMOpIGNvcnJpZ8OpCmRhbnMgbGEgdmVyc2lvbsKgMC42LjErZGZzZzEtMStkZWIx MXUxLjwvcD4KCjxwPlBvdXIgbGEgZGlzdHJpYnV0aW9uIHN0YWJsZSAoQm9va3dvcm0pLCBjZSBw cm9ibMOobWUgYSDDqXTDqSBjb3JyaWfDqSBkYW5zCmxhIHZlcnNpb27CoDAuNi4yLjEtMStkZWIx MnUxLjwvcD4KCjxwPk5vdXMgdm91cyByZWNvbW1hbmRvbnMgZGUgbWV0dHJlIMOgIGpvdXIgdm9z IHBhcXVldHMgY2pvc2UuPC9wPgoKPHA+UG91ciBkaXNwb3NlciBkJ3VuIMOpdGF0IGTDqXRhaWxs w6kgc3VyIGxhIHPDqWN1cml0w6kgZGUgY2pvc2UsIHZldWlsbGV6CmNvbnN1bHRlciBzYSBwYWdl IGRlIHN1aXZpIGRlIHPDqWN1cml0w6kgw6AgbCdhZHJlc3NlwqA6CjxhIGhyZWY9Imh0dHBzOi8v c2VjdXJpdHktdHJhY2tlci5kZWJpYW4ub3JnL3RyYWNrZXIvY2pvc2UiPlwKaHR0cHM6Ly9zZWN1 cml0eS10cmFja2VyLmRlYmlhbi5vcmcvdHJhY2tlci9jam9zZTwvYT4uPC9wPgo8L2RlZmluZS10 YWc+CgojIGRvIG5vdCBtb2RpZnkgdGhlIGZvbGxvd2luZyBsaW5lCiNpbmNsdWRlICIkKEVOR0xJ U0hESVIpL3NlY3VyaXR5LzIwMjMvZHNhLTU0NzIuZGF0YSIKIyAkSWQ6ICQK

--=-mtC2lVBvq3Xz3SN9U7FO--

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEcH/R3vmpi4JWBoDfeBP2a44wMXIFAmTUgNcACgkQeBP2a44w MXIPrQ//cfu1flCNDdb0M/dBJtwP4zhYtws9mcWVzhzKUVf8++Fs1WDwlFZw5uHD HBKokvnxlykd04PqR7CkCOY15Fd4FxX288d4CxrBak2x8KIoFScM7GOz+IlKaTwx oG8zpIfB58OZU23O71gk1MxApoTwdyjT0D6YxFAoR9zl4OmR8CO6zsD3T3oADulx bBfPKksg5hcWfE+OygE841325wyyrVYiKaQ4XkuUrE9j0Kk2FL0lh41Fn9F3BhaL j4cDotDPCEgGZb2NeWzRcv8yRuXWm9QR2a4/ipcitoYTTfelZG0h5cwM6sY69G6I 48vwj8PZMeRspyrmLzIsfaXpRi899X4MYRt8nt8D2nQ5ML/EYPK84DatW1WFWJqw nCLNZ35X0eVG8YIcwVlxu4XGFf/l81858v4UQiTeK7M8VeW16DwCSf6eOQQc7aJg t9TgGZAuQM27G0kHqPtDJnSyx3KU6csXMG1XY5mxGn/++u2h1WPRMRWl7S9IlVzI vroO1rFSknckTHIn6Hxy6enlINNeOMbvZppOGcp4oeZMkfqTuDaX/Xx56OVbpVA/ qbZpt0eO5EQeA1pEyeSMTtJq1KYPKJjaWXX76ns75Noupx7DHwoSSi+O5gFPOJqw f3F5bErSX6+qxibS9u6W3N576D+rgv3TLDsdCcguEuIVJXipkyY=
=kMRH
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From JP Guillonneau@21:1/5 to All on Thu Aug 10 10:10:01 2023

Bonjour,

Le 10/08/23 08:16 Jean-Pierre a écrit :

deux nouvelles annonces de sécurité ont été publiées

Suggestions.

Amicalement

--
Jean-Paul

--- ./dsa-5473.wml.orig 2023-08-10 09:56:46.312383744 +0200
+++ ./dsa-5473.wml 2023-08-10 09:58:46.276943910 +0200
@@ -2,11 +2,11 @@
<define-tag description>Mise à jour de sécurité</define-tag>
<define-tag moreinfo>
Les utilisateurs authentifiés de l'API d'Orthanc, un serveur DICOM pour -l'imagerie médicale, pouvait écraser des fichiers arbitraires et, dans +l'imagerie médicale, pouvaient écraser des fichiers arbitraires et, dans
certaines configurations, exécuter du code arbitraire.

Cette mise à jour rétroporte l'option RestApiWriteToFileSystemEnabled, -la définissant à <q>true</q> dans /etc/orthanc/orthanc.json, elle restaure +la définissant à <q>true</q> dans /etc/orthanc/orthanc.json et restaure
le comportement antérieur.

Pour la distribution oldstable (Bullseye), ce problème a été corrigé

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Jean-Pierre Giraud@21:1/5 to All on Sun Aug 20 08:40:01 2023

--=-oE2OLo8h7pK+8MjaXo1C
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Bonjour,
Le jeudi 10 août 2023 à 10:01 +0200, JP Guillonneau a écrit :

Bonjour,
Le 10/08/23 08:16 Jean-Pierre a écrit :

deux nouvelles annonces de sécurité ont été publiées

Suggestions.
Amicalement

Passage en LCFC. Je renvoie le fichier corrigé suivant les suggestions de Jean-Paul. Merci d'avance pour vos ultimes relectures.
Amicalement,
jipege

--=-oE2OLo8h7pK+8MjaXo1C
Content-Disposition: attachment; filename="dsa-5473.wml" Content-Transfer-Encoding: base64
Content-Type: text/vnd.wap.wml; name="dsa-5473.wml"; charset="UTF-8"

I3VzZSB3bWw6OmRlYmlhbjo6dHJhbnNsYXRpb24tY2hlY2sgdHJhbnNsYXRpb249IjY1ZmZmNmY3 MWZjNGYyYzhiNjk5MzkxZjA4NTVkODZlZDgwNWI5NmIiIG1haW50YWluZXI9IkplYW4tUGllcnJl IEdpcmF1ZCIKPGRlZmluZS10YWcgZGVzY3JpcHRpb24+TWlzZSDDoCBqb3VyIGRlIHPDqWN1cml0 w6k8L2RlZmluZS10YWc+CjxkZWZpbmUtdGFnIG1vcmVpbmZvPgo8cD5MZXMgdXRpbGlzYXRldXJz IGF1dGhlbnRpZmnDqXMgZGUgbCdBUEkgZCdPcnRoYW5jLCB1biBzZXJ2ZXVyIERJQ09NIHBvdXIK bCdpbWFnZXJpZSBtw6lkaWNhbGUsIHBvdXZhaWVudCDDqWNyYXNlciBkZXMgZmljaGllcnMgYXJi aXRyYWlyZXMgZXQsIGRhbnMKY2VydGFpbmVzIGNvbmZpZ3VyYXRpb25zLCBleMOpY3V0ZXIgZHUg Y29kZSBhcmJpdHJhaXJlLjwvcD4KCjxwPkNldHRlIG1pc2Ugw6Agam91ciByw6l0cm9wb3J0ZSBs J29wdGlvbiBSZXN0QXBpV3JpdGVUb0ZpbGVTeXN0ZW1FbmFibGVkLApsYSBkw6lmaW5pc3NhbnQg w6AgPHE+dHJ1ZTwvcT4gZGFucyAvZXRjL29ydGhhbmMvb3J0aGFuYy5qc29uIGV0IHJlc3RhdXJl CmxlIGNvbXBvcnRlbWVudCBhbnTDqXJpZXVyLjwvcD4KCjxwPlBvdXIgbGEgZGlzdHJpYnV0aW9u IG9sZHN0YWJsZSAoQnVsbHNleWUpLCBjZSBwcm9ibMOobWUgYSDDqXTDqSBjb3JyaWfDqQpkYW5z IGxhIHZlcnNpb27CoDEuOS4yK3JlYWxseTEuOS4xK2Rmc2ctMStkZWIxMXUxLjwvcD4KCjxwPlBv dXIgbGEgZGlzdHJpYnV0aW9uIHN0YWJsZSAoQm9va3dvcm0pLCBjZSBwcm9ibMOobWUgYSDDqXTD qSBjb3JyaWfDqSBkYW5zCmxhIHZlcnNpb27CoDEuMTAuMStkZnNnLTIrZGViMTJ1MS48L3A+Cgo8 cD5Ob3VzIHZvdXMgcmVjb21tYW5kb25zIGRlIG1ldHRyZSDDoCBqb3VyIHZvcyBwYXF1ZXRzIG9y dGhhbmMuPC9wPgoKPHA+UG91ciBkaXNwb3NlciBkJ3VuIMOpdGF0IGTDqXRhaWxsw6kgc3VyIGxh IHPDqWN1cml0w6kgZGUgb3J0aGFuYywgdmV1aWxsZXoKY29uc3VsdGVyIHNhIHBhZ2UgZGUgc3Vp dmkgZGUgc8OpY3VyaXTDqSDDoCBsJ2FkcmVzc2XCoDoKPGEgaHJlZj0iaHR0cHM6Ly9zZWN1cml0 eS10cmFja2VyLmRlYmlhbi5vcmcvdHJhY2tlci9vcnRoYW5jIj5cCmh0dHBzOi8vc2VjdXJpdHkt dHJhY2tlci5kZWJpYW4ub3JnL3RyYWNrZXIvb3J0aGFuYzwvYT4uPC9wPgo8L2RlZmluZS10YWc+ CgojIGRvIG5vdCBtb2RpZnkgdGhlIGZvbGxvd2luZyBsaW5lCiNpbmNsdWRlICIkKEVOR0xJU0hE SVIpL3NlY3VyaXR5LzIwMjMvZHNhLTU0NzMuZGF0YSIKIyAkSWQ6ICQK

--=-oE2OLo8h7pK+8MjaXo1C--

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEcH/R3vmpi4JWBoDfeBP2a44wMXIFAmThtAMACgkQeBP2a44w MXLg5xAAiK+rDnNm1zt32RtWpYq9y5uTI5NVMko/PZ5WC6NhcX/Cr7BneoNwGihS s5zGyZPHNGLC13q0BAhGzyB1g7m5yAWG2/ZYJQ+esSibovcXurih0b67TNDOqVMa UG3kDEcXXHgP2zd2OGdV4QzLYmskH4JlsGKZJmYMIjO45ESokY9LNDwDGEL5WOsC pcTBnHKOG/2BAEJ2Oq0TDsLL7oUoThVPfDx9UpQ20Bx3VjB8pNx4y+7Y6C+jx+2F L6ZSZT1IM5mXPBNZFA1NwbQApPx+kqQh5QWzZEFWPeQVPeV6GbM4h3ScNEWe9ufF 5ASrrJ0ncN8y5uh13THEM8WxNm2znuhedsD9/DfizXaZTIXa4EFcwjvfUIdNiQdj zY1FfXYEs7PWXYKySGHwDOtzMTQ2Qupao9hzuia159/o+kkwt0ZRjGZH7nhOoIbQ LEYNuxbbRJYokmeiff39v6WX6myZL0HiU1czjZvxzFGJMUAyuN+OHGxvNonMuDpP 2JZ4eNAutj6XzXw0hFHNW3W6bZ5oZtcLPxnNtdC2MbZzAeP1Tn0vcrOVYUEYm9z+ zd9U2Dt2PIDNnMv5fQayT1JE4vn+c1BDVrCGEwn0HIZmPWN2ZupmXGE2GqffvdVB Ddlo/K8AzHntbVTot5ocgHNBvlyyUKcOHiX7q6VAGtr4hgscyRM=
=UWcl
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Jean-Pierre Giraud@21:1/5 to All on Sun Aug 27 11:10:01 2023

Bonjour,
Le dimanche 20 août 2023 à 08:34 +0200, Jean-Pierre Giraud a écrit :

Le jeudi 10 août 2023 à 10:01 +0200, JP Guillonneau a écrit :

Bonjour,
Le 10/08/23 08:16 Jean-Pierre a écrit :

deux nouvelles annonces de sécurité ont été publiées

Suggestions.

Terminé. Merci à Daniel et Jean-Paul pour leurs relectures.
Amicalement,
jipege

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEcH/R3vmpi4JWBoDfeBP2a44wMXIFAmTrEHwACgkQeBP2a44w MXIdLBAAq9yc96px/SxNpKBnHQoV9s70LAEW5grzbRbuVxgJ6GjyL/AI2iovYVJ+ kEHQoNv6xxXCdj44PQD8HsaVpOmiaf/Z7eqrf1gP+Dw/IRs2MnLkzL2Kt+r2hdZq P+o+FqlH1wss2dODcN8az1IaSfm76Rek3KgI/hiJpzQq8mbVtMDPwOy6HZStoTac fZHHvdVxNBbS28NLqyX1xYTmf9BXrVWjtwdZ2FXHRY04ZhaxF3JXL9UEIk5/XN0T vjVpev0QyTwi2glrcIaCUR4EMZDB+H7mvH2nN/01LJuejctIIJoJ6zSQ/vFxDD0v vWn1tWiu4AI9K+jysang4/fA7ZlZWmFt06NZRNADLKzmsnVOJYd0PeXBVl84KgrN Du83sOqCKhY1YzdW06n2T8FgyVeMv3ON5DoTVzhaS+d7J/qj9l/pV9szu1WOeXKk 3JSuL+SW23hetq8qVDeG2YZF13INIjb4Edb7vnmHDvA6Pak2DHKmyNg8YBtMpxSv 8SvWePd+iHF5EXqIYnZhpA7Gh4Wz8yy6OppxIOsgYjce1JS8QDBvQIpv8yXhLJk0 wL2+75Yj0ScRdU5Vs6Nlyt7MKMZXEQkn+F1qnWyqkrJg7VYpq6FKIfDaneWGQzmz yHruN4Kqd166DZMXbDbHnX/i2U4NTyp7tpOsZ8hPtyZ64U6JWlo=
=6/R6
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Fri Jun 5 17:52:51 2026
  from Sheboygan, Wi via Telnet
- Gwylbert
  Fri Jun 5 06:28:52 2026
  from Sydney, Nsw via Telnet
- Centurion
  Thu Jun 4 23:42:23 2026
  from Berea, Ohio via Telnet
- Michal Wronka
  Thu Jun 4 23:19:58 2026
  from Wroclaw, Poland via Telnet
- Michal Wronka
  Thu Jun 4 23:17:20 2026
  from Wroclaw, Poland via SSH
- Michal Wronka
  Thu Jun 4 23:13:51 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	714
Nodes:	16 (2 / 14)
Uptime:	142:15:29
Calls:	12,088
Calls today:	1
Files:	14,998
Messages:	6,517,451

[RFR] wml://security/2023/dsa-547{2,3}.wml

Who's Online

Recent Visitors

System Info