Headline
CVE-2022-37026: Comparing OTP-23.3.4.14...OTP-23.3.4.15 · erlang/otp
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Commits on May 11, 2022
Fix timing bug in ensure_engine_loaded
When two ensure_engine_loaded() calls were done in parallell there was a possibility that a crypto lib function was called by both instead of just one of them.
This is solved by moving the implementation from erlang down into a nif function that uses a mutex to protect the sensitive part.
Browse the repository at this point in the history
Commits on May 19, 2022
Browse the repository at this point in the history
erts: Accept faulty Size field in NEW_FUN_EXT
This is a pragmatic semi-solution to remove the symptom of a bug that could cause invalid Size field in NEW_FUN_EXT encoded toward a pending connection. The Size field is not used for anything else than this sanitity check so I see it safe to accept NEW_FUN_EXT from buggy senders.
erl_interface still relies on Size so I guess we have to fix the encoding bug also, even though sending funs to erl_interface is not that common.
Browse the repository at this point in the history
Commits on May 24, 2022
Browse the repository at this point in the history
Browse the repository at this point in the history
Commits on Jun 17, 2022
- Browse the repository at this point in the history
Commits on Jun 20, 2022
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Commits on Jun 21, 2022
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Browse the repository at this point in the history
Related news
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Ubuntu Security Notice 6059-1 - It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.
Red Hat Security Advisory 2022-8857-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Issues addressed include a bypass vulnerability.
An update for erlang is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-37026: erlang/otp: Client Authentication Bypass