Debian has issued an advisory today (December 8):
https://www.debian.org/security/2017/dsa-4057

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing some committers.
Assignee: bugsquad => pkg-bugs
CC: (none) => geiger.david68210, joequant, mageia, marja11, thierry.vignaud
Some links about this here on an announcement from December 12:
http://openwall.com/lists/oss-security/2017/12/12/6
Fedora has issued an advisory for this on December 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EBU47YGGM2XN7TPH2QX52ZGVRRLIGXAS/

It appears to have been fixed upstream in 19.3.6.4.
The upstream patch from the 18 branch works for our 18.3.2 we have in Mageia 6 and Cauldron. Even Debian's backports for older versions weren't enough for me to be able to backport it to R16B02 in Mageia 5. Fixed in erlang-18.3.2-15.mga7 in Cauldron. Patch checked into Mageia 6 SVN.
Version: Cauldron => 6
Whiteboard: MGA6TOO, MGA5TOO => (none)
Advisory:
========================

Updated erlang packages fix security vulnerability:

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys (CVE-2017-1000385).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000385
https://www.debian.org/security/2017/dsa-4057
========================

Updated packages in core/updates_testing:
========================
erlang-18.3.2-9.1.mga6
emacs-erlang-18.3.2-9.1.mga6
erlang-asn1-18.3.2-9.1.mga6
erlang-common_test-18.3.2-9.1.mga6
erlang-compiler-18.3.2-9.1.mga6
erlang-cosEvent-18.3.2-9.1.mga6
erlang-cosEventDomain-18.3.2-9.1.mga6
erlang-cosFileTransfer-18.3.2-9.1.mga6
erlang-cosNotification-18.3.2-9.1.mga6
erlang-cosProperty-18.3.2-9.1.mga6
erlang-cosTime-18.3.2-9.1.mga6
erlang-cosTransactions-18.3.2-9.1.mga6
erlang-crypto-18.3.2-9.1.mga6
erlang-debugger-18.3.2-9.1.mga6
erlang-dialyzer-18.3.2-9.1.mga6
erlang-diameter-18.3.2-9.1.mga6
erlang-doc-18.3.2-9.1.mga6
erlang-edoc-18.3.2-9.1.mga6
erlang-eldap-18.3.2-9.1.mga6
erlang-erl_docgen-18.3.2-9.1.mga6
erlang-erl_interface-18.3.2-9.1.mga6
erlang-erts-18.3.2-9.1.mga6
erlang-et-18.3.2-9.1.mga6
erlang-eunit-18.3.2-9.1.mga6
erlang-examples-18.3.2-9.1.mga6
erlang-gs-18.3.2-9.1.mga6
erlang-hipe-18.3.2-9.1.mga6
erlang-ic-18.3.2-9.1.mga6
erlang-inets-18.3.2-9.1.mga6
erlang-jinterface-18.3.2-9.1.mga6
erlang-kernel-18.3.2-9.1.mga6
erlang-megaco-18.3.2-9.1.mga6
erlang-mnesia-18.3.2-9.1.mga6
erlang-observer-18.3.2-9.1.mga6
erlang-odbc-18.3.2-9.1.mga6
erlang-orber-18.3.2-9.1.mga6
erlang-os_mon-18.3.2-9.1.mga6
erlang-ose-18.3.2-9.1.mga6
erlang-otp_mibs-18.3.2-9.1.mga6
erlang-parsetools-18.3.2-9.1.mga6
erlang-percept-18.3.2-9.1.mga6
erlang-public_key-18.3.2-9.1.mga6
erlang-reltool-18.3.2-9.1.mga6
erlang-runtime_tools-18.3.2-9.1.mga6
erlang-sasl-18.3.2-9.1.mga6
erlang-snmp-18.3.2-9.1.mga6
erlang-ssh-18.3.2-9.1.mga6
erlang-ssl-18.3.2-9.1.mga6
erlang-stdlib-18.3.2-9.1.mga6
erlang-syntax_tools-18.3.2-9.1.mga6
erlang-test_server-18.3.2-9.1.mga6
erlang-tools-18.3.2-9.1.mga6
erlang-typer-18.3.2-9.1.mga6
erlang-webtool-18.3.2-9.1.mga6
erlang-wx-18.3.2-9.1.mga6
erlang-xmerl-18.3.2-9.1.mga6

from erlang-18.3.2-9.1.mga6.src.rpm
Assignee: pkg-bugs => qa-bugs
Installed the files from Core Release on Mageia 6 :: x86_64
Thankfully erlang itself pulls in most of the files listed.
Updated from core updates testing.

Tutorials Point gives some hints:
https://www.tutorialspoint.com/erlang/erlang_environment.htm

Edited a file called helloworld.erl:

% hello world program
-module(helloworld).
-export([start/0]).

start() ->
    io:fwrite("Hello, world!\n").

Compiled it:
$ erlc helloworld.erl 2>&1

Executed helloworld:
$ erl -noshell -s helloworld start -s init stop
Hello, world!

There is not much at /usr/share/doc/erlang-18.3.2/ but there is a reference for local documentation which I have not found yet.
<inst-root>doc/installation_guide/users_guide.html

Part of the package is erlang-examples which needs to be checked out. More on this later.
Going to see if the manual can be downloaded from http://www.erlang.se/doc/
CC: (none) => tarazed25
The erlang-examples package is installed but there do not appear to be any examples available. It is possible that they are in the man pages but the only ones found are inaccessible:
/usr/lib64/erlang/man/man3/

$ apropos erlang
finds nothing.

/bin contains:
erl@ erlc@ run_erl@ to_erl@

erl is an interactive shell:
$ erl --help
Erlang/OTP 18 [erts-7.3.1] [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V7.3.1 (abort with ^G)
1>
 --> ?
  c [nn] - connect to job
  i [nn] - interrupt job
  k [nn] - kill job
  j - list all jobs
  s [shell] - start local shell
  r [node [shell]] - start remote shell
  q - quit erlang
  ? | h - this message
 --> q

erlc is the compiler.

$ run_erl --help
Usage: run_erl (pipe_name|pipe_dir/) log_dir "command [parameters ...]"

DESCRIPTION: You may also set the environment variables RUN_ERL_LOG_GENERATIONS and RUN_ERL_LOG_MAXSIZE to the number of log files to use and the size of the log file when to switch to the next log file

$ to_erl
No running Erlang on pipe /tmp/erlang.pipe: No such file or directory

I have the impression that erlang is running fine here - it is just a bit difficult to get into without spending too much time. Giving this the OK.
Whiteboard: (none) => MGA6-64-OK
Rider to comment 7. The man pages are accessible like this:
$ man -l /usr/lib64/erlang/man/man1/run_erl.1
Or
$ man -M /usr/lib64/erlang/man/ 1 run_erl
Thank you Len for poking this. I do not think we can hope for more than you did (before you become an erlang habitué!), so validating. Advisory uploaded.
Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs
MGA6-32 on Dell Latitude D600 MATE
No installation issues.
Following Len, created helloworld file:
$ erlc helloworld.erl 2>&1
$ erl -noshell -s helloworld start -s init stop
Hello, world!

$ erl --help
Erlang/OTP 18 [erts-7.3.1] [source] [async-threads:10] [hipe] [kernel-poll:false]

Eshell V7.3.1 (abort with ^G)
1> ?
1> help
1>
1> -->?
1> --> ?
1> q
1> quit
1> exit
1>
BREAK: (a)bort (c)ontinue (p)roc info (i)nfo (l)oaded (v)ersion (k)ill (D)b-tables (d)istribution
a

Here I could not follow what Len had typed exactly, but at least it did not crash.

$ run_erl --help
Usage: run_erl (pipe_name|pipe_dir/) log_dir "command [parameters ...]"

DESCRIPTION: You may also set the environment variables RUN_ERL_LOG_GENERATIONS and RUN_ERL_LOG_MAXSIZE to the number of log files to use and the size of the log file when to switch to the next log file

$ to_erl
No running Erlang on pipe /tmp/erlang.pipe: No such file or directory

Good enough for me.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
CC: (none) => herman.viaene
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0060.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED