Red Hat Security Advisory 2018-0528-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Issues addressed include a man-in-the-middle vulnerability.
372a0abd076134eead331d3655baa5f73e9be7f5fdf3e7d32cc05c357e4a3f50
Red Hat Security Advisory 2018-0368-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.
c277ef4292fb94d1f0c544f81ff9ce2da9d994760f2291a7c44ff52aed0b6311
Ubuntu Security Notice 3571-1 - It was discovered that the Erlang FTP module incorrectly handled certain CRLF sequences. A remote attacker could possibly use this issue to inject arbitrary FTP commands. This issue only affected Ubuntu 14.04 LTS. It was discovered that Erlang incorrectly checked CBC padding bytes. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
17cd261b5bd06018d5a33b401a3ff15f84875562d975783f5ffda1ae13006e8f
Red Hat Security Advisory 2018-0303-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.
bf64648688c5cc77e5c976bff6f7a5dc3e51d89818d6d8d52670e04aaeba0d0a
Red Hat Security Advisory 2018-0242-01 - Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Security Fix: An erlang TLS server configured with cipher suites using RSA key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack against RSA. This may result in plain-text recovery of encrypted messages and/or a man-in-the-middle attack, despite the attacker not having gained access to the serveras private key itself.
e3add1cb1128a45de26537048fd9f3350801d1970edd25209ab5d3fb8c55a0e3
Debian Linux Security Advisory 4057-1 - It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys.
2ae6574a92f94375c6ff4810f0f2c5b30ddee798e92a1eb825301717c5a04a15