[ MDVSA-2015:174 ] erlang

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:174
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : erlang
 Date    : March 30, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated erlang packages fixes security vulnerability:
 
 An FTP command injection flaw was found in Erlang's FTP module. Several
 functions in the FTP module do not properly sanitize the input before
 passing it into a control socket. A local attacker can use this flaw
 to execute arbitrary FTP commands on a system that uses this module
 (CVE-2014-1693).
 
 This update also disables SSLv3 by default to mitigate the POODLE
 issue.
 _______________________________________________________________________

 References:

 http://c

007 Software

[ MDVSA-2015:174 ] erlang

Leave a Reply Cancel reply

Software and Security Information