{"schema_version":"1.7.2","id":"OESA-2023-1942","modified":"2023-12-22T11:06:31Z","published":"2023-12-22T11:06:31Z","upstream":["CVE-2022-37026"],"summary":"erlang security update","details":"Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\r\n\r\nIn Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.(CVE-2022-37026)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP2","name":"erlang","purl":"pkg:rpm/openEuler/erlang\u0026distro=openEuler-22.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.3.4.9-3.oe2203sp2"}]}],"ecosystem_specific":{"aarch64":["erlang-sasl-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-observer-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-eunit-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-megaco-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-debuginfo-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-tftp-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-erl_docgen-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-diameter-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-crypto-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-common_test-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-jinterface-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-dialyzer-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-edoc-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-runtime_tools-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-examples-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-debugsource-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-reltool-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-kernel-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-erts-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-asn1-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-xmerl-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-ssh-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-snmp-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-tools-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-stdlib-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-inets-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-eldap-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-compiler-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-debugger-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-ssl-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-mnesia-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-hipe-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-et-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-erl_interface-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-os_mon-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-syntax_tools-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-public_key-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-wx-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-ftp-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-parsetools-23.3.4.9-3.oe2203sp2.aarch64.rpm","erlang-odbc-23.3.4.9-3.oe2203sp2.aarch64.rpm"],"src":["erlang-23.3.4.9-3.oe2203sp2.src.rpm"],"x86_64":["erlang-sasl-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-debugsource-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-tools-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-eunit-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-xmerl-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-erts-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-odbc-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-eldap-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-ftp-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-common_test-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-kernel-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-jinterface-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-syntax_tools-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-diameter-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-os_mon-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-asn1-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-hipe-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-et-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-tftp-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-snmp-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-debuginfo-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-dialyzer-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-parsetools-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-reltool-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-ssl-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-observer-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-compiler-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-inets-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-edoc-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-mnesia-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-public_key-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-debugger-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-examples-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-ssh-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-stdlib-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-megaco-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-runtime_tools-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-erl_docgen-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-erl_interface-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-wx-23.3.4.9-3.oe2203sp2.x86_64.rpm","erlang-crypto-23.3.4.9-3.oe2203sp2.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1942"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-37026"}],"database_specific":{"severity":"Critical"}}