Issued:
2018-02-13
Updated:
2018-02-13

RHSA-2018:0303 - Security Advisory

Synopsis

Low: erlang security and bug fix update

Type/Severity

Security Advisory: Low

Topic

An update for erlang is now available for Red Hat OpenStack Platform 11.0 (Ocata).

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance.

Security Fix(es):

  • An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. (CVE-2017-1000385)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat OpenStack 11 x86_64

Fixes

  • BZ - 1520400 - CVE-2017-1000385 erlang: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack
  • BZ - 1536064 - erl_epmd:port_please assumes ipv4

CVEs

References

Red Hat OpenStack 11

SRPM
erlang-18.3.4.7-1.el7ost.src.rpm SHA-256: 8ba3e69a746032203a18d3da421774cc867eddda036e17daa93e9d8dcbd22ad3
x86_64
erlang-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 52aa732c99415b10caa4795a0ca6e659aaad960524b37bee19305785b7dba665
erlang-asn1-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 03bfe7f03a0b3586899090c04d34732874453a9c3ee168a297d7d75b59570542
erlang-compiler-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 55db3664a7fee539f4e8f32494280b65b58e18d688ea4e534de795ce09ffb5bb
erlang-cosEvent-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: ccc90a4bfbdc6d80d9b02c43b9f95c243f36d5fdceba4cf27efd934f355805f8
erlang-cosEventDomain-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 3f300753e55519376de49f6384a3b7883fbe7222a28757c89fb1001063f3bf29
erlang-cosFileTransfer-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: b7ba1c859c6e871f0a27c924ded9c38a80481e9acb15cd5d53dcf925868f8021
erlang-cosNotification-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 1ea5cb9ac1b5354e70facde4e7082b7ea18dde000bff313c12d9a29b6589b49e
erlang-cosProperty-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 2337a18a63b25ad0f9aa591dbce6871f8b2014e5b0338e823eec7e90457cff7a
erlang-cosTime-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 5668299ca92739753991a70eb4112a6d26a0ea273721108ff0cc447b8788cf8b
erlang-cosTransactions-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: c672c09b7ba80f725c16fac26a58e398784cb54e3f04a3a1931c0b1fd751fab0
erlang-crypto-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: c4f9e00fd6abdcf22f2f8ea66fc370c28a24deb5520ec4f64178a09448bd7174
erlang-debuginfo-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 35222fd9714fb2561df61e112f80703905549575f3a2cf9b4d1b9bd26d92cbba
erlang-diameter-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 1250fbf572b3d0220e89c6b440c5cec619c773daa968b86a10733e62e452aac5
erlang-edoc-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 49fe64380d811a87562dd7bbb121c6ad171b34c4da49560f2fc55f42df276842
erlang-eldap-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 11f9ed3efccd55721b031b68ab481f7fbf74e4e2a605ee5591c3aeda3b44a91e
erlang-erl_docgen-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 89416d1b277b8444f6f3cfeeb096d153768b05af58507e9fb27d5da730574cd2
erlang-erl_interface-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: c1e3d41789369ff5176f454db00ddcbda27737839207ecbe141927dfb204ee16
erlang-erts-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 56f51eb46ee2ccceaa46225652757215b863025f52e5efbcf65d7ee2c7f0b04a
erlang-eunit-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: ed76d388921a99c67e3446ab6f0f2e4431c27d8aca0f0d93c3f3ad87e8192cbc
erlang-hipe-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: cbf347ab14247134365654313ee7b268f2eab926160323c764b50e3db170e5a2
erlang-ic-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: a0bd3dc59a83c4fdddf0b040d683af4beaa82bd63a72dd7ac761c7059dcee96c
erlang-inets-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 67027036237394e3892b4ada159c1da971c77c0035e9af26e537172026f834b5
erlang-kernel-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: d0907e9fe478cb5bed9728e3264eb374bc2da5013358eae3c8683cbae0e6055b
erlang-mnesia-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 6e146c5be1e01124d964e32441601cfc110d5545901a4c7e5d8ef8607d58437a
erlang-odbc-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: b03e913abcec4d13d81e616bb54b86bee37a54534d4730ec8be0395807a5d40a
erlang-orber-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 9547ef4d84a982305a1fab0ab387115dd5727a7cef26ed41347b51da7431ef67
erlang-os_mon-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 6d0f5888de3e360c85acb5f63acb3ea961e03e08663c10f4b1c53bc879818d8a
erlang-ose-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 74064a9266d7a40ee018acf20dac5966637f84b336d9af2267c9bebf5c58dcee
erlang-otp_mibs-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: f9aa0c26767bb7386f1f926f3c3bd10ec60c88e1b7fa57771c507b25fc6fbf62
erlang-parsetools-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 73da3b062c5bad611b4f2792c1dac51247a54e8914d05603f59d84eddfb535cb
erlang-percept-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: abef7f08f0a4264644b55b4d90875c3ff945f34e703ca20021db69180ff1aaa7
erlang-public_key-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 68f6ccb3c73b6689ecc9cdd6cce1399c213e7e5a181b4ea63ac408f570b6b918
erlang-runtime_tools-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 8a5ba985eb410f0eafa04c01529d5007af0b888ed276705c78a23d052bafbfa7
erlang-sasl-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: ad2369ad46f38307b44fdbb1455b56d57e69eab5dd0ba085824093e80d1d4fcc
erlang-snmp-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: db0fdb2bf823370347d0bf578f626e8ff5a67e11cfef3ea468e1f363681a5f83
erlang-ssh-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 039043c183728238140f9aab955da3b6df0c1a794954077937f6e6ea04accb09
erlang-ssl-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: fccb82fd88a4fdd37a0b0fb5791fab1fc507140b1cc92f5126917078f659c9ce
erlang-stdlib-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 7b532932bedba5d27449df71c9cc7abbfb8d87438f79df8604d84dc3ae6b8de0
erlang-syntax_tools-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: fe412370cad21c1636362150df4595ee43f9f714747790b792e1152b1c7e8534
erlang-tools-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 44bb6c8d94d77081838c4fabf7241d97d0a84663a420c7e2822a0a654753d138
erlang-xmerl-18.3.4.7-1.el7ost.x86_64.rpm SHA-256: 2cd1dde25d5a94259b98ff84281b5ce29ee5c2eee056bbc3762b7951a84eb950

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.