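Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), the Erlang/OTP SSH implementation does not fully enforce strict KEX handshake hardening: it still allows optional messages to be exchanged during the handshake, which the hardening is meant to prevent. A Man-in-the-Middle attacker can therefore inject such messages into a connection while the handshake is in progress. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25). The package records that follow use distribution version strings (for example 1:25.3.2.8+dfsg-1ubuntu4.4) that do not compare directly against these upstream release numbers, so a distribution package's status should be read from its own record rather than inferred from the upstream numbers.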
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-asn1" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-base" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-common-test" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-crypto" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-debugger" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dev" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-diameter" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-doc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-edoc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-eldap" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-erl-docgen" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-et" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-eunit" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-examples" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ftp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-inets" }, { "binary_version": 
"1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-jinterface" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-manpages" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-megaco" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-mnesia" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-mode" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-nox" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-observer" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-odbc" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-os-mon" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-parsetools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-public-key" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-reltool" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-snmp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-src" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ssh" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-ssl" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tftp" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tools" }, { 
"binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-tools-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-wx" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-x11" }, { "binary_version": "1:24.2.1+dfsg-1ubuntu0.5", "binary_name": "erlang-xmerl" } ], "priority_reason": "Per upstream advisory, this is a low severity CVE" }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-asn1" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-base" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-common-test" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-crypto" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-debugger" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dev" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-diameter" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-doc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-edoc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-eldap" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-erl-docgen" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-et" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-eunit" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-examples" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ftp" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": 
"erlang-inets" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-jinterface" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-manpages" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-megaco" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-mnesia" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-mode" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-nox" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-observer" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-odbc" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-os-mon" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-parsetools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-public-key" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-reltool" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-snmp" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-src" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ssh" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-ssl" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-tftp" }, { 
"binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-tools" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-wx" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-x11" }, { "binary_version": "1:25.3.2.8+dfsg-1ubuntu4.4", "binary_name": "erlang-xmerl" } ], "priority_reason": "Per upstream advisory, this is a low severity CVE" }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-asn1" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-asn1-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-base" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-base-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-common-test" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-common-test-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-crypto" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-crypto-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-debugger" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dev" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dialyzer" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-dialyzer-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-diameter" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-doc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-edoc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-eldap" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-et" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-eunit" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-examples" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ftp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-inets" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-jinterface" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": 
"erlang-megaco" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-megaco-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-mnesia" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-mode" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-nox" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-observer" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-odbc" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-odbc-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-os-mon" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-os-mon-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-parsetools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-public-key" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-reltool" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-runtime-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-runtime-tools-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-snmp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-src" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ssh" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-ssl" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-syntax-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-tftp" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-tools" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-wx" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-wx-dbgsym" }, { "binary_version": "1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-x11" }, { "binary_version": 
"1:27.3+dfsg-1ubuntu1.2", "binary_name": "erlang-xmerl" } ], "priority_reason": "Per upstream advisory, this is a low severity CVE" }