USN-6059-1: Erlang vulnerability

Publication date

8 May 2023

Overview

Erlang could allow unintended access to network services.


Packages

  • erlang - Concurrent, real-time, distributed functional language

Details

It was discovered that Erlang did not properly implement TLS client
certificate validation during the TLS handshake. A remote attacker could
use this issue to bypass client authentication.

It was discovered that Erlang did not properly implement TLS client
certificate validation during the TLS handshake. A remote attacker could
use this issue to bypass client authentication.

Update instructions

After a standard system update you need to reboot your computer to make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:


Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›