Advisories » MGASA-2014-0553

Updated erlang packages fix security vulnerabilities

Publication date: 26 Dec 2014
Modification date: 26 Dec 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-1693

Description

Updated erlang packages fix a security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several
functions in the FTP module do not properly sanitize the input before passing
it into a control socket. A local attacker can use this flaw to execute
arbitrary FTP commands on a system that uses this module (CVE-2014-1693).
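
The kind of argument check this flaw calls for, as an added example that is not code from Erlang/OTP or from the Mageia packages. The module and function names are hypothetical, the sample input is constructed, and it assumes the standard FTP control-channel framing in which every command line ends with CRLF (RFC 959).

```erlang
%% Added example, not OTP code: module and function names are hypothetical.
-module(ftp_cmd_guard).
-export([build_cmd/2, line_count/1, demo/0]).

%% Build one control-channel line "VERB SP ARG CRLF".
%% Verb is a constant chosen by the calling code; Arg is caller-supplied data
%% (user name, path, file name). An Arg containing CR or LF is refused,
%% because either byte would end the line early and the remainder would be
%% read by the server as a further command.
-spec build_cmd(string(), unicode:chardata()) ->
          {ok, binary()} | {error, term()}.
build_cmd(Verb, Arg) ->
    case unicode:characters_to_binary(Arg) of
        Bin when is_binary(Bin) ->
            case binary:match(Bin, [<<"\r">>, <<"\n">>]) of
                nomatch ->
                    {ok, iolist_to_binary([Verb, $\s, Bin, "\r\n"])};
                {Pos, _Len} ->
                    %% Report the offset so the rejection can be logged.
                    {error, {line_break_in_argument, Pos}}
            end;
        _ ->
            {error, invalid_encoding}
    end.

%% Number of command lines a server would parse out of Wire.
-spec line_count(binary()) -> non_neg_integer().
line_count(Wire) ->
    length(binary:split(Wire, <<"\r\n">>, [global, trim])).

%% Self-check; every match below must succeed for demo/0 to return ok.
demo() ->
    %% An ordinary argument is framed as exactly one line.
    {ok, Line} = build_cmd("CWD", "pub"),
    <<"CWD pub\r\n">> = Line,
    1 = line_count(Line),
    %% Constructed input: a directory name with an embedded line break.
    Tainted = "pub\r\nNOOP",
    {error, {line_break_in_argument, 3}} = build_cmd("CWD", Tainted),
    %% The same input written to the socket unchecked is framed as two lines,
    %% which is the condition the guard exists to prevent.
    2 = line_count(iolist_to_binary(["CWD ", Tainted, "\r\n"])),
    ok.
```

Compile with `erlc ftp_cmd_guard.erl` and call `ftp_cmd_guard:demo().` from the Erlang shell.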

This update also disables SSLv3 by default to mitigate the POODLE issue.

References

SRPMS

4/core