Advisories ยป MGASA-2014-0553

Updated erlang packages fix security vulnerabilities

Publication date: 26 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1693


Updated erlang packages fixes security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several
functions in the FTP module do not properly sanitize the input before passing
it into a control socket. A local attacker can use this flaw to execute
arbitrary FTP commands on a system that uses this module (CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE issue.