From nobody Thu Jun 11 01:51:07 2026
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Jimmy Olgeni Subject: git: 81a6669e034d - main - security/vuxml: Document Erlang/OTP June 2026 vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-all@freebsd.org Sender: owner-dev-commits-ports-all@FreeBSD.org List-Id: List-Post: List-Help: List-Subscribe: List-Unsubscribe: List-Owner: Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olgeni X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 81a6669e034d07e3db13eff0688b32365ceff302 Auto-Submitted: auto-generated Date: Thu, 11 Jun 2026 01:51:07 +0000 Message-Id: <6a2a148b.19ce5.5d8f4312@gitrepo.freebsd.org> The branch main has been updated by olgeni: URL: https://cgit.FreeBSD.org/ports/commit/?id=81a6669e034d07e3db13eff0688b32365ceff302 commit 81a6669e034d07e3db13eff0688b32365ceff302 Author: Jimmy Olgeni AuthorDate: 2026-06-10 14:03:24 +0000 Commit: Jimmy Olgeni CommitDate: 2026-06-11 01:49:13 +0000 security/vuxml: Document Erlang/OTP June 2026 vulnerabilities --- security/vuxml/vuln/2026.xml | 254 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 254 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index c80fcc6a9aed..6a0f0f9abe7d 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,257 @@ + + Erlang/OTP -- buffer overflow parsing SCTP ERROR/ABORT chunks + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97 reports:

+
+

A buffer overflow error when parsing SCTP ERROR or ABORT + chunks has been fixed. This could lead to stack corruption and + VM crash, but ultimately with hard work by an attacker be + refined into maybe even remote code execution.

+
+ +
+ + CVE-2026-49759 + https://github.com/erlang/otp/security/advisories/GHSA-6f4f-chj5-5g97 + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- stack overflow in ei_s_print_term for very large integer terms + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j reports:

+
+

Fixed a stack overflow in ei_s_print_term in erl_interface + for very large integer terms (more than 2000 hexadecimal digits + long).

+
+ +
+ + CVE-2026-49760 + https://github.com/erlang/otp/security/advisories/GHSA-xcxj-5pg2-v72j + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- FTP passive-mode client does not validate server response IP + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports:

+
+

The FTP client in passive mode did not validate the IP + address returned in the server's response, allowing a + compromised or malicious server to redirect the data connection + to an arbitrary host. This enables server-side request forgery + (SSRF) and FTP bounce attacks.

+
+ +
+ + CVE-2026-48858 + https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- httpc leaks authentication headers on cross-host redirect + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports:

+
+

The HTTP client (httpc) in inets now removes Authorization, + Proxy-Authorization, Cookie, Referer, and Origin headers when + following a redirect to a different host or port, following the + requirements of RFC 9110 section 15.4. Previously these headers + were forwarded verbatim, potentially leaking credentials to + unintended targets.

+
+ +
+ + CVE-2026-48856 + https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- SFTP READLINK discloses server filesystem paths + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh reports:

+
+

The SSH SFTP daemon's handling of SSH_FXP_READLINK returned + symbolic link targets containing the server's absolute + filesystem path, disclosing the backend root prefix to clients. + The handler now strips the backend root prefix from symlink + targets before returning them.

+
+ +
+ + CVE-2026-48855 + https://github.com/erlang/otp/security/advisories/GHSA-pv7g-pjrq-x2fh + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- TLS distribution check_ip flag does not enforce same-LAN constraint + + + erlang-runtime27 + 27.3.4.13 + + + erlang-runtime28 + 28.5.0.2 + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv reports:

+
+

Erlang distribution over TLS run with the kernel check_ip + flag now properly enforces connecting nodes to be on the same + LAN. Previously the constraint was not enforced.

+
+ +
+ + CVE-2026-48860 + https://github.com/erlang/otp/security/advisories/GHSA-gp7x-mfv6-52cv + + + 2026-06-10 + 2026-06-10 + +
+ + + Erlang/OTP -- timing-based username enumeration in SSH password authentication + + + erlang-runtime29 + 29.0.2 + + + + +

https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 reports:

+
+

A timing-based username enumeration vulnerability during + password authentication with the user_passwords option has been + fixed by performing a dummy PBKDF2 computation for invalid + usernames, so authentication timing no longer reveals whether a + username exists.

+
+ +
+ + CVE-2026-48859 + https://github.com/erlang/otp/security/advisories/GHSA-3w6p-vwhf-wvp4 + + + 2026-06-10 + 2026-06-10 + +
+ p5-ack -- Multiple issues
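Review bot: every entry in this hunk lists only erlang-runtime27 (< 27.3.4.13), erlang-runtime28 (< 28.5.0.2) and erlang-runtime29 (< 29.0.2) as affected; if the plain `erlang` package built from lang/erlang, or any older erlang-runtime port still in the tree, ships the same inets, ssh, erl_interface and distribution code, it should be added as an affected package as well (with no fixed version if none is forthcoming), otherwise users of those packages get no `pkg audit` warning for these CVEs. The last entry (CVE-2026-48859, timing-based username enumeration in SSH password authentication) is the only one restricted to erlang-runtime29 < 29.0.2; it is worth confirming against GHSA-3w6p-vwhf-wvp4 that OTP 27 and 28 are genuinely unaffected rather than merely unlisted, since the same silence in `pkg audit` would result from a mismatch there.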