RHSA-2022:8857: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (erlang) security update

An update for erlang is now available for Red Hat OpenStack Platform 16.2.4 (Train) on Red Hat Enterprise Linux (RHEL) 8.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-37026: erlang/otp: Client Authentication Bypass
Red Hat Security Data

Issued: 2022-12-07

Updated: 2022-12-07

RHSA-2022:8857 - Security Advisory

Synopsis

Moderate: Red Hat OpenStack Platform 16.2.4 (erlang) security update

Type/Severity

Security Advisory: Moderate

Topic

An update for erlang is now available for Red Hat OpenStack Platform 16.2.4
(Train) on Red Hat Enterprise Linux (RHEL) 8.4.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Description

Erlang is a general-purpose programming language and runtime environment.
Erlang has built-in support for concurrency, distribution and fault
tolerance. Erlang is used in several large telecommunication systems from
Ericsson.

Security Fix(es):

  • Client Authentication Bypass (CVE-2022-37026)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

Affected Products

  • Red Hat OpenStack for IBM Power 16.2 ppc64le
  • Red Hat OpenStack 16.2 x86_64

Fixes

  • BZ - 2141802 - CVE-2022-37026 erlang/otp: Client Authentication Bypass

Red Hat OpenStack for IBM Power 16.2

SRPM

erlang-23.3.4.18-1.el8ost.src.rpm

Red Hat OpenStack 16.2

SRPM

erlang-23.3.4.18-1.el8ost.src.rpm

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Related news

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450 contain an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Ubuntu Security Notice USN-6059-1

Ubuntu Security Notice 6059-1 - It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.

CVE-2022-42950: Couchbase Alerts

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Red Hat Security Advisory 2022-8857-01

Red Hat Security Advisory 2022-8857-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Issues addressed include a bypass vulnerability.

CVE-2022-37026: Comparing OTP-23.3.4.14...OTP-23.3.4.15 · erlang/otp

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.