An update for erlang is now available for openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1912 Final 1.0 1.0 2023-12-15 Initial 2023-12-15 2023-12-15 openEuler SA Tool V1.0 2023-12-15 erlang security update An update for erlang is now available for openEuler-22.03-LTS. Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fix(es): In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.(CVE-2022-37026) An update for erlang is now available for openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical erlang https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1912 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-37026 https://nvd.nist.gov/vuln/detail/CVE-2022-37026 openEuler-22.03-LTS erlang-parsetools-23.3.4.9-3.oe2203.aarch64.rpm erlang-23.3.4.9-3.oe2203.aarch64.rpm erlang-public_key-23.3.4.9-3.oe2203.aarch64.rpm erlang-debugsource-23.3.4.9-3.oe2203.aarch64.rpm erlang-os_mon-23.3.4.9-3.oe2203.aarch64.rpm erlang-ftp-23.3.4.9-3.oe2203.aarch64.rpm erlang-xmerl-23.3.4.9-3.oe2203.aarch64.rpm erlang-debugger-23.3.4.9-3.oe2203.aarch64.rpm erlang-ssl-23.3.4.9-3.oe2203.aarch64.rpm erlang-runtime_tools-23.3.4.9-3.oe2203.aarch64.rpm erlang-observer-23.3.4.9-3.oe2203.aarch64.rpm erlang-crypto-23.3.4.9-3.oe2203.aarch64.rpm erlang-dialyzer-23.3.4.9-3.oe2203.aarch64.rpm erlang-wx-23.3.4.9-3.oe2203.aarch64.rpm erlang-stdlib-23.3.4.9-3.oe2203.aarch64.rpm erlang-et-23.3.4.9-3.oe2203.aarch64.rpm erlang-eunit-23.3.4.9-3.oe2203.aarch64.rpm erlang-eldap-23.3.4.9-3.oe2203.aarch64.rpm erlang-tools-23.3.4.9-3.oe2203.aarch64.rpm erlang-tftp-23.3.4.9-3.oe2203.aarch64.rpm erlang-megaco-23.3.4.9-3.oe2203.aarch64.rpm erlang-jinterface-23.3.4.9-3.oe2203.aarch64.rpm erlang-erl_interface-23.3.4.9-3.oe2203.aarch64.rpm erlang-diameter-23.3.4.9-3.oe2203.aarch64.rpm erlang-ssh-23.3.4.9-3.oe2203.aarch64.rpm erlang-reltool-23.3.4.9-3.oe2203.aarch64.rpm erlang-kernel-23.3.4.9-3.oe2203.aarch64.rpm erlang-erl_docgen-23.3.4.9-3.oe2203.aarch64.rpm erlang-compiler-23.3.4.9-3.oe2203.aarch64.rpm erlang-mnesia-23.3.4.9-3.oe2203.aarch64.rpm erlang-odbc-23.3.4.9-3.oe2203.aarch64.rpm erlang-hipe-23.3.4.9-3.oe2203.aarch64.rpm erlang-sasl-23.3.4.9-3.oe2203.aarch64.rpm erlang-inets-23.3.4.9-3.oe2203.aarch64.rpm erlang-examples-23.3.4.9-3.oe2203.aarch64.rpm erlang-edoc-23.3.4.9-3.oe2203.aarch64.rpm erlang-snmp-23.3.4.9-3.oe2203.aarch64.rpm erlang-common_test-23.3.4.9-3.oe2203.aarch64.rpm erlang-asn1-23.3.4.9-3.oe2203.aarch64.rpm erlang-debuginfo-23.3.4.9-3.oe2203.aarch64.rpm erlang-syntax_tools-23.3.4.9-3.oe2203.aarch64.rpm erlang-erts-23.3.4.9-3.oe2203.aarch64.rpm erlang-23.3.4.9-3.oe2203.src.rpm erlang-kernel-23.3.4.9-3.oe2203.x86_64.rpm erlang-observer-23.3.4.9-3.oe2203.x86_64.rpm erlang-odbc-23.3.4.9-3.oe2203.x86_64.rpm erlang-common_test-23.3.4.9-3.oe2203.x86_64.rpm erlang-debugger-23.3.4.9-3.oe2203.x86_64.rpm erlang-asn1-23.3.4.9-3.oe2203.x86_64.rpm erlang-runtime_tools-23.3.4.9-3.oe2203.x86_64.rpm erlang-dialyzer-23.3.4.9-3.oe2203.x86_64.rpm erlang-crypto-23.3.4.9-3.oe2203.x86_64.rpm erlang-parsetools-23.3.4.9-3.oe2203.x86_64.rpm erlang-tools-23.3.4.9-3.oe2203.x86_64.rpm erlang-et-23.3.4.9-3.oe2203.x86_64.rpm erlang-23.3.4.9-3.oe2203.x86_64.rpm erlang-compiler-23.3.4.9-3.oe2203.x86_64.rpm erlang-sasl-23.3.4.9-3.oe2203.x86_64.rpm erlang-debugsource-23.3.4.9-3.oe2203.x86_64.rpm erlang-mnesia-23.3.4.9-3.oe2203.x86_64.rpm erlang-os_mon-23.3.4.9-3.oe2203.x86_64.rpm erlang-examples-23.3.4.9-3.oe2203.x86_64.rpm erlang-megaco-23.3.4.9-3.oe2203.x86_64.rpm erlang-public_key-23.3.4.9-3.oe2203.x86_64.rpm erlang-ssh-23.3.4.9-3.oe2203.x86_64.rpm erlang-jinterface-23.3.4.9-3.oe2203.x86_64.rpm erlang-diameter-23.3.4.9-3.oe2203.x86_64.rpm erlang-wx-23.3.4.9-3.oe2203.x86_64.rpm erlang-erl_interface-23.3.4.9-3.oe2203.x86_64.rpm erlang-hipe-23.3.4.9-3.oe2203.x86_64.rpm erlang-eldap-23.3.4.9-3.oe2203.x86_64.rpm erlang-eunit-23.3.4.9-3.oe2203.x86_64.rpm erlang-syntax_tools-23.3.4.9-3.oe2203.x86_64.rpm erlang-tftp-23.3.4.9-3.oe2203.x86_64.rpm erlang-snmp-23.3.4.9-3.oe2203.x86_64.rpm erlang-ssl-23.3.4.9-3.oe2203.x86_64.rpm erlang-stdlib-23.3.4.9-3.oe2203.x86_64.rpm erlang-inets-23.3.4.9-3.oe2203.x86_64.rpm erlang-debuginfo-23.3.4.9-3.oe2203.x86_64.rpm erlang-xmerl-23.3.4.9-3.oe2203.x86_64.rpm erlang-erts-23.3.4.9-3.oe2203.x86_64.rpm erlang-edoc-23.3.4.9-3.oe2203.x86_64.rpm erlang-reltool-23.3.4.9-3.oe2203.x86_64.rpm erlang-ftp-23.3.4.9-3.oe2203.x86_64.rpm erlang-erl_docgen-23.3.4.9-3.oe2203.x86_64.rpm In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. 2023-12-15 CVE-2022-37026 openEuler-22.03-LTS Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H erlang security update 2023-12-15 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1912