Advisories » MGASA-2026-0196

Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Publication date: 11 Jun 2026
Modification date: 11 Jun 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-21619

Description

Uncontrolled Resource Consumption, Deserialization of Untrusted Data
vulnerability in hexpm hex_core (hex_api modules), hexpm hex
(mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object
Injection, Excessive Allocation. This vulnerability is associated with
program files src/hex_api.erl, src/mix_hex_api.erl,
apps/rebar/src/vendored/r3_hex_api.erl and program routines
hex_core:request/4, mix_hex_api:request/4, r3_hex_api:request/4. This
issue affects hex_core: from 0.1.0 before 0.12.1; hex: from 2.3.0 before
2.3.2; rebar3: from 3.9.1 before 3.27.0.
                

References

SRPMS

9/core