USN-3571-1: Erlang vulnerabilities
USN-3571-1: Erlang vulnerabilities Ubuntu Security Notice USN-3571-1 14th February, 2018 erlang vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 17.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Erlang. Software description erlang – Concurrent, real-time, distributed functional language Details It was discovered that the Erlang FTP module incorrectly handled certainCRLF sequences. A remote attacker could possibly use this issue to injectarbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS.(CVE-2014-1693) It was discovered that Erlang incorrectly checked CBC padding bytes. Aremote attacker could possibly use this issue to perform a padding oracleattack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS.(CVE-2015-2774) It was discovered that Erlang incorrectly handled certain regularexpressions. A remote attacker could possibly use this issue to causeErlang to crash, resulting in a denial of service, or [ more… ]