Date:      Thu, 11 Jun 2026 01:51:07 +0000
From:      Jimmy Olgeni <olgeni@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 81a6669e034d - main - security/vuxml: Document Erlang/OTP June 2026 vulnerabilities
Message-ID:  <6a2a148b.19ce5.5d8f4312@gitrepo.freebsd.org>


The branch main has been updated by olgeni:

URL: https://cgit.FreeBSD.org/ports/commit/?id=81a6669e034d07e3db13eff0688b32365ceff302

commit 81a6669e034d07e3db13eff0688b32365ceff302
Author:     Jimmy Olgeni <olgeni@FreeBSD.org>
AuthorDate: 2026-06-10 14:03:24 +0000
Commit:     Jimmy Olgeni <olgeni@FreeBSD.org>
CommitDate: 2026-06-11 01:49:13 +0000

    security/vuxml: Document Erlang/OTP June 2026 vulnerabilities
---
 security/vuxml/vuln/2026.xml | 254 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 254 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index c80fcc6a9aed..6a0f0f9abe7d 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,257 @@
+  <vuln vid="d87db2a1-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- buffer overflow parsing SCTP ERROR/ABORT chunks</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97 reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97">;
+	  <p>A buffer overflow error when parsing SCTP ERROR or ABORT
+	  chunks has been fixed. This could lead to stack corruption and
+	  VM crash, but ultimately with hard work by an attacker be
+	  refined into maybe even remote code execution.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-49759</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87de755-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j">;
+	  <p>Fixed a stack overflow in ei_s_print_term in erl_interface
+	  for very large integer terms (more than 2000 hexadecimal digits
+	  long).</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-49760</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87e0681-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- FTP passive-mode client does not validate server response IP</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq">;
+	  <p>The FTP client in passive mode did not validate the IP
+	  address returned in the server's response, allowing a
+	  compromised or malicious server to redirect the data connection
+	  to an arbitrary host. This enables server-side request forgery
+	  (SSRF) and FTP bounce attacks.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-48858</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87e2466-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- httpc leaks authentication headers on cross-host redirect</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh">;
+	  <p>The HTTP client (httpc) in inets now removes Authorization,
+	  Proxy-Authorization, Cookie, Referer, and Origin headers when
+	  following a redirect to a different host or port, following the
+	  requirements of RFC 9110 section 15.4. Previously these headers
+	  were forwarded verbatim, potentially leaking credentials to
+	  unintended targets.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-48856</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87e41a4-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- SFTP READLINK discloses server filesystem paths</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh">;
+	  <p>The SSH SFTP daemon's handling of SSH_FXP_READLINK returned
+	  symbolic link targets containing the server's absolute
+	  filesystem path, disclosing the backend root prefix to clients.
+	  The handler now strips the backend root prefix from symlink
+	  targets before returning them.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-48855</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87e5fb4-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- TLS distribution check_ip flag does not enforce same-LAN constraint</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime27</name>
+	<range><lt>27.3.4.13</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime28</name>
+	<range><lt>28.5.0.2</lt></range>
+      </package>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv">;
+	  <p>Erlang distribution over TLS run with the kernel check_ip
+	  flag now properly enforces connecting nodes to be on the same
+	  LAN. Previously the constraint was not enforced.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-48860</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="d87e7df5-64d4-11f1-ab11-4c526214c986">
+    <topic>Erlang/OTP -- timing-based username enumeration in SSH password authentication</topic>
+    <affects>
+      <package>
+	<name>erlang-runtime29</name>
+	<range><lt>29.0.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 reports:</p>
+	<blockquote cite="https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4">;
+	  <p>A timing-based username enumeration vulnerability during
+	  password authentication with the user_passwords option has been
+	  fixed by performing a dummy PBKDF2 computation for invalid
+	  usernames, so authentication timing no longer reveals whether a
+	  username exists.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2026-48859</cvename>
+      <url>https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4</url>;
+    </references>
+    <dates>
+      <discovery>2026-06-10</discovery>
+      <entry>2026-06-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="7ce71561-64c7-11f1-99fc-40b034429ecf">
     <topic>p5-ack -- Multiple issues</topic>
     <affects>
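Review bot: the stray `;` shown after `<body xmlns="http://www.w3.org/1999/xhtml">`, after every `<blockquote cite="...">` and after every `</url>` line in this rendering would be stray character data inside `<body>` and `<references>` if it is really present in the committed file, and vuxml validation would reject it; it looks like the mail archive's URL auto-link residue rather than file content, so confirm the committed 2026.xml is clean and that `make validate` in security/vuxml passes on it. One further check on the seventh entry (`d87e7df5-64d4-11f1-ab11-4c526214c986`, timing-based username enumeration in SSH password authentication): it lists only `erlang-runtime29` with `<lt>29.0.2</lt>`, while the other six entries also cover `erlang-runtime27` `<lt>27.3.4.13</lt>` and `erlang-runtime28` `<lt>28.5.0.2</lt>`; worth confirming against GHSA-3w6p-vwhf-wvp4 that the `user_passwords` timing issue is specific to the 29 branch, since an omitted range would leave 27 and 28 users without a pkg-audit warning.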

