SUSE-SU-2018:0974-1: moderate: Security update for erlang

sle-updates at lists.suse.com
Wed Apr 18 04:13:41 MDT 2018


   SUSE Security Update: Security update for erlang
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:0974-1
Rating:             moderate
References:         #1070960 
Cross-References:   CVE-2017-1000385
Affected Products:
                    SUSE OpenStack Cloud 7
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for erlang fixes the following security issue:

   - CVE-2017-1000385: An Erlang TLS server configured with cipher suites
     using RSA key exchange may be vulnerable to an Adaptive Chosen
     Ciphertext attack (AKA Bleichenbacher attack) against RSA which, when
     exploited, may result in plaintext recovery of encrypted messages and/or
     a Man-in-the-middle (MiTM) attack, despite the attacker not having
     gained access to the server's private key itself. (bsc#1070960)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-652=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-652=1



Package List:

   - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):

      erlang-17.5.6-3.3.1
      erlang-debuginfo-17.5.6-3.3.1
      erlang-debugsource-17.5.6-3.3.1
      erlang-epmd-17.5.6-3.3.1
      erlang-epmd-debuginfo-17.5.6-3.3.1

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      erlang-17.5.6-3.3.1
      erlang-debuginfo-17.5.6-3.3.1
      erlang-debugsource-17.5.6-3.3.1
      erlang-epmd-17.5.6-3.3.1
      erlang-epmd-debuginfo-17.5.6-3.3.1
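
   A post-update check for the package list above, as an added example that is
   not part of the SUSE advisory: it flags any installed erlang package older
   than the fixed version-release 17.5.6-3.3.1. The function names, the sample
   inventory and the older release 17.5.6-3.1 are constructed for illustration,
   and GNU sort -V is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED_EVR="17.5.6-3.3.1"

# evr_at_least INSTALLED FIXED
# Succeeds when INSTALLED is the same as or newer than FIXED.
# Assumption: GNU "sort -V" is close enough to RPM ordering for these strings.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# audit_erlang
# Reads "name version-release" lines on stdin, reports every erlang package,
# and returns 1 if any of them is older than FIXED_EVR.
audit_erlang() {
    status=0
    while read -r name evr; do
        case "$name" in
            erlang|erlang-*) ;;      # only packages named in the advisory
            *) continue ;;
        esac
        if evr_at_least "$evr" "$FIXED_EVR"; then
            echo "OK      $name $evr"
        else
            echo "UNFIXED $name $evr"
            status=1
        fi
    done
    return "$status"
}

# Constructed inventory (not real host data): one updated package, one left
# on a hypothetical older release, one unrelated package.
sample_inventory() {
    printf '%s\n' \
        "erlang 17.5.6-3.3.1" \
        "erlang-epmd 17.5.6-3.1" \
        "openssl 1.0.2j-59.1"
}

# On a real host, feed the function from the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'erlang*' | audit_erlang
sample_inventory | audit_erlang ||
    echo "at least one erlang package is older than $FIXED_EVR"
```

   Running Erlang VMs keep the old libraries loaded until they are restarted,
   so a clean result here only covers the installed files.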


References:

   https://www.suse.com/security/cve/CVE-2017-1000385.html
   https://bugzilla.suse.com/1070960


