Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 639662 (CVE-2017-1000385) - <dev-lang/erlang-20.3: TLS server vulnerable to Adaptive Chosen Ciphertext attack allowing plaintext recovery or MITM attack (CVE-2017-1000385)
Summary: <dev-lang/erlang-20.3: TLS server vulnerable to Adaptive Chosen Ciphertext at...
Alias: CVE-2017-1000385
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Depends on: 649202
  Show dependency tree
Reported: 2017-12-03 19:26 UTC by Hanno Böck
Modified: 2019-10-26 21:46 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2017-12-03 19:26:56 UTC
The Erlang ssl module is vulnerable to a cryptographic attack against the RSA key exchange. This has been fixed in OTP,, 20.1.7.

Please update. Currently erlang 19.1 is stable on most archs. Depending on whether you want to continue supporting 18/19 we may need updates in multiple branches.
Comment 1 Pacho Ramos gentoo-dev 2018-04-03 07:42:41 UTC
20.3 should get this fixed (and stabilizing it with net-im/ejabberd-17.04-r2 will finally allow to drop old branches)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-26 21:46:27 UTC
Already fixed, repository is clean. All done!