| Summary: | erlang new security issue CVE-2014-1693 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | herman.viaene, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/624078/ | ||
| Whiteboard: | has_procedure advisory MGA4-32-OK MGA4-64-OK | ||
| Source RPM: | erlang-R16B02-5.mga5.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-12-02 20:12:31 CET
David Walser
2014-12-02 20:12:39 CET
Whiteboard:
(none) =>
MGA4TOO
David Walser
2014-12-03 21:32:33 CET
Blocks:
(none) =>
14674

Newest Fedora 20 advisory for erlang, containing the SSLv3 disabling:
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146184.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated erlang packages fix security vulnerability:

An FTP command injection flaw was found in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module (CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1693
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145017.html
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/146184.html
========================

Updated package in core/updates_testing:
========================
erlang-stack-R16B02-2.1.mga4
erlang-base-R16B02-2.1.mga4
erlang-devel-R16B02-2.1.mga4
erlang-manpages-R16B02-2.1.mga4
erlang-appmon-R16B02-2.1.mga4
erlang-dialyzer-R16B02-2.1.mga4
erlang-diameter-R16B02-2.1.mga4
erlang-edoc-R16B02-2.1.mga4
erlang-emacs-R16B02-2.1.mga4
erlang-jinterface-R16B02-2.1.mga4
erlang-asn1-R16B02-2.1.mga4
erlang-common_test-R16B02-2.1.mga4
erlang-compiler-R16B02-2.1.mga4
erlang-cosEvent-R16B02-2.1.mga4
erlang-cosEventDomain-R16B02-2.1.mga4
erlang-cosFileTransfer-R16B02-2.1.mga4
erlang-cosNotification-R16B02-2.1.mga4
erlang-cosProperty-R16B02-2.1.mga4
erlang-cosTime-R16B02-2.1.mga4
erlang-cosTransactions-R16B02-2.1.mga4
erlang-crypto-R16B02-2.1.mga4
erlang-debugger-R16B02-2.1.mga4
erlang-docbuilder-R16B02-2.1.mga4
erlang-erl_docgen-R16B02-2.1.mga4
erlang-erl_interface-R16B02-2.1.mga4
erlang-et-R16B02-2.1.mga4
erlang-eunit-R16B02-2.1.mga4
erlang-gs-R16B02-2.1.mga4
erlang-hipe-R16B02-2.1.mga4
erlang-ic-R16B02-2.1.mga4
erlang-inets-R16B02-2.1.mga4
erlang-megaco-R16B02-2.1.mga4
erlang-mnesia-R16B02-2.1.mga4
erlang-observer-R16B02-2.1.mga4
erlang-odbc-R16B02-2.1.mga4
erlang-orber-R16B02-2.1.mga4
erlang-os_mon-R16B02-2.1.mga4
erlang-otp_mibs-R16B02-2.1.mga4
erlang-parsetools-R16B02-2.1.mga4
erlang-percept-R16B02-2.1.mga4
erlang-pman-R16B02-2.1.mga4
erlang-public_key-R16B02-2.1.mga4
erlang-reltool-R16B02-2.1.mga4
erlang-runtime_tools-R16B02-2.1.mga4
erlang-snmp-R16B02-2.1.mga4
erlang-ssh-R16B02-2.1.mga4
erlang-ssl-R16B02-2.1.mga4
erlang-syntax_tools-R16B02-2.1.mga4
erlang-test_server-R16B02-2.1.mga4
erlang-toolbar-R16B02-2.1.mga4
erlang-tools-R16B02-2.1.mga4
erlang-typer-R16B02-2.1.mga4
erlang-tv-R16B02-2.1.mga4
erlang-webtool-R16B02-2.1.mga4
erlang-wx-R16B02-2.1.mga4
erlang-xmerl-R16B02-2.1.mga4
erlang-eldap-R16B02-2.1.mga4

from erlang-R16B02-2.1.mga4.src.rpm

Assignee:
joequant =>
qa-bugs

MGA4-64 on HP Probook 6555b KDE.
No installation issues.
Checked that erl shell opens (cfr bug 7062)

Whiteboard:
(none) =>
MGA4-64-OK

MGA4-32 on Acer D620 Xfce.
No installation issues.
Checked that erl shell opens (cfr bug 7062)

Whiteboard:
MGA4-64-OK =>
MGA4-32-OK MGA4-64-OK

Validating. Advisory uploaded.

Please push to 4 updates

Thanks

CC:
(none) =>
sysadmin-bugs

An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0553.html

Status:
NEW =>
RESOLVED
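
Added example, not part of this bug report and not code from Erlang/OTP or the Mageia package: a Python model of the flaw class the advisory describes, where caller input reaches the FTP control connection unsanitized, next to the argument check that prevents it. The CVE entry for CVE-2014-1693 describes the flaw as CRLF injection; all function names and the sample file name below are hypothetical.

```python
"""Added illustration of the CVE-2014-1693 bug class; not Erlang/OTP code."""

CRLF = b"\r\n"


class IllegalArgument(ValueError):
    """An argument contains a character that would end the command line."""


def build_unchecked(verb, arg):
    # Pre-fix pattern from the advisory: caller input is written to the
    # control socket without being sanitized first.
    return verb.encode("ascii") + b" " + arg.encode("utf-8") + CRLF


def build_checked(verb, arg):
    # FTP (RFC 959) terminates every command with CRLF, so a CR or LF inside
    # an argument starts a new command. Reject such input instead of
    # stripping it, so the caller learns the value was hostile or corrupt.
    for ch in ("\r", "\n"):
        if ch in arg:
            raise IllegalArgument("CR/LF in %s argument: %r" % (verb, arg))
    return build_unchecked(verb, arg)


def commands_seen_by_server(wire):
    # Simplified server-side view: one command per line on the control
    # connection. CR, LF and CRLF are all treated as terminators here.
    return [line.decode("utf-8") for line in wire.splitlines() if line]


# Constructed sample input: a file name taken from an untrusted source.
UNTRUSTED_NAME = "notes.txt\r\nNOOP"

if __name__ == "__main__":
    print(commands_seen_by_server(build_unchecked("RETR", UNTRUSTED_NAME)))
    try:
        build_checked("RETR", UNTRUSTED_NAME)
    except IllegalArgument as exc:
        print("rejected:", exc)
    print(commands_seen_by_server(build_checked("RETR", "notes.txt")))
```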