USN-6059-1

See a problem?
Source
https://ubuntu.com/security/notices/USN-6059-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6059-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6059-1
Related
Published
2023-05-08T08:40:04.782415Z
Modified
2023-05-08T08:40:04.782415Z
Summary
erlang vulnerability
Details

It was discovered that Erlang did not properly implement TLS client certificate validation during the TLS handshake. A remote attacker could use this issue to bypass client authentication.

References

Affected packages

Ubuntu:22.04:LTS / erlang

Package

Name
erlang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:24.2.1+dfsg-1ubuntu0.1

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "erlang-asn1": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-public-key": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-os-mon": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-diameter": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-jinterface": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-src": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-erl-docgen": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-common-test": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-tftp": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-megaco": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-edoc": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-mnesia": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-runtime-tools": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-doc": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-eldap": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-syntax-tools": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-snmp": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-reltool": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-x11": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-odbc": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-nox": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-observer": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-examples": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-et": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-crypto": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-ssh": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-eunit": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-manpages": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-parsetools": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-ftp": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-inets": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-debugger": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-ssl": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-mode": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-wx": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-xmerl": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-tools": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-dev": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-dialyzer": "1:24.2.1+dfsg-1ubuntu0.1",
            "erlang-base": "1:24.2.1+dfsg-1ubuntu0.1"
        }
    ]
}

Ubuntu:20.04:LTS / erlang

Package

Name
erlang

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:22.2.7+dfsg-1ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription needed",
    "binaries": [
        {
            "erlang-asn1": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-public-key": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-os-mon": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-diameter": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-jinterface": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-src": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-erl-docgen": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-common-test": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-tftp": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-megaco": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-edoc": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-mnesia": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-runtime-tools": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-doc": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-eldap": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-syntax-tools": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-snmp": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-reltool": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-x11": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-odbc": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-nox": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-observer": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-examples": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-et": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-crypto": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-ssh": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-eunit": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-base-hipe": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-manpages": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-parsetools": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-ftp": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-inets": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-debugger": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-ssl": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-wx": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-mode": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-xmerl": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-tools": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-dev": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-dialyzer": "1:22.2.7+dfsg-1ubuntu0.2",
            "erlang-base": "1:22.2.7+dfsg-1ubuntu0.2"
        }
    ]
}