USN-7961-1

Details

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions.

Affected Packages

erlang

Ubuntu 24.04 LTS

Fixed in:

1:25.3.2.8+dfsg-1ubuntu4.6

References

REPORThttps://ubuntu.com/security/CVE-2024-53846 ADVISORYhttps://ubuntu.com/security/notices/USN-7961-1

USN-7961-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline