erlang-24.0.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10740 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z erlang-24.0.5-2.1 on GA media These are all security issues fixed in the erlang-24.0.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10740 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10740 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-25623/ SUSE CVE CVE-2020-25623 page https://www.suse.com/security/cve/CVE-2020-35733/ SUSE CVE CVE-2020-35733 page openSUSE Tumbleweed erlang-24.0.5-2.1 erlang-debugger-24.0.5-2.1 erlang-debugger-src-24.0.5-2.1 erlang-dialyzer-24.0.5-2.1 erlang-dialyzer-src-24.0.5-2.1 erlang-diameter-24.0.5-2.1 erlang-diameter-src-24.0.5-2.1 erlang-doc-24.0.5-2.1 erlang-epmd-24.0.5-2.1 erlang-et-24.0.5-2.1 erlang-et-src-24.0.5-2.1 erlang-jinterface-24.0.5-2.1 erlang-jinterface-src-24.0.5-2.1 erlang-observer-24.0.5-2.1 erlang-observer-src-24.0.5-2.1 erlang-reltool-24.0.5-2.1 erlang-reltool-src-24.0.5-2.1 erlang-src-24.0.5-2.1 erlang-wx-24.0.5-2.1 erlang-wx-src-24.0.5-2.1 erlang-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-debugger-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-debugger-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-dialyzer-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-dialyzer-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-diameter-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-diameter-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-doc-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-epmd-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-et-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-et-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-jinterface-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-jinterface-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-observer-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-observer-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-reltool-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-reltool-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-src-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-wx-24.0.5-2.1 as a component of openSUSE Tumbleweed erlang-wx-src-24.0.5-2.1 as a component of openSUSE Tumbleweed Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. CVE-2020-25623 openSUSE Tumbleweed:erlang-24.0.5-2.1 openSUSE Tumbleweed:erlang-debugger-24.0.5-2.1 openSUSE Tumbleweed:erlang-debugger-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-dialyzer-24.0.5-2.1 openSUSE Tumbleweed:erlang-dialyzer-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-diameter-24.0.5-2.1 openSUSE Tumbleweed:erlang-diameter-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-doc-24.0.5-2.1 openSUSE Tumbleweed:erlang-epmd-24.0.5-2.1 openSUSE Tumbleweed:erlang-et-24.0.5-2.1 openSUSE Tumbleweed:erlang-et-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-jinterface-24.0.5-2.1 openSUSE Tumbleweed:erlang-jinterface-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-observer-24.0.5-2.1 openSUSE Tumbleweed:erlang-observer-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-reltool-24.0.5-2.1 openSUSE Tumbleweed:erlang-reltool-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-wx-24.0.5-2.1 openSUSE Tumbleweed:erlang-wx-src-24.0.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25623.html CVE-2020-25623 https://bugzilla.suse.com/1177354 SUSE Bug 1177354 An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. CVE-2020-35733 openSUSE Tumbleweed:erlang-24.0.5-2.1 openSUSE Tumbleweed:erlang-debugger-24.0.5-2.1 openSUSE Tumbleweed:erlang-debugger-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-dialyzer-24.0.5-2.1 openSUSE Tumbleweed:erlang-dialyzer-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-diameter-24.0.5-2.1 openSUSE Tumbleweed:erlang-diameter-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-doc-24.0.5-2.1 openSUSE Tumbleweed:erlang-epmd-24.0.5-2.1 openSUSE Tumbleweed:erlang-et-24.0.5-2.1 openSUSE Tumbleweed:erlang-et-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-jinterface-24.0.5-2.1 openSUSE Tumbleweed:erlang-jinterface-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-observer-24.0.5-2.1 openSUSE Tumbleweed:erlang-observer-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-reltool-24.0.5-2.1 openSUSE Tumbleweed:erlang-reltool-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-src-24.0.5-2.1 openSUSE Tumbleweed:erlang-wx-24.0.5-2.1 openSUSE Tumbleweed:erlang-wx-src-24.0.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-35733.html CVE-2020-35733 https://bugzilla.suse.com/1181073 SUSE Bug 1181073