Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 27 Mar 2015 13:24:17 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Erlang POODLE TLS vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> From the release notes of Erlang 18.0-rc1:
> http://www.erlang.org/news/85
> "ssl: ... added padding check for
> TLS-1.0 due to the Poodle vulnerability."
> 
> This indicates that Erlang was vulnerable to the TLS-variant of the
> poodle vulnerability due to missing padding checks
> 
> this clearly is an implementation error and thus should be considered a
> vuln.

Use CVE-2015-2774.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVFZGTAAoJEKllVAevmvmsrb8H/jlkxOnhkQ0hIZ/XURZYf31O
i2LIOF4W5YkEmuI8W1EI9s+3UDf0gbJ4tQ54djwG0BF9I48T1jrl+MxWcco0nK8Q
p2jDrqj28gjlPnxoOslUoTSMZqvHrl591OCRpkLn+1ggK8wL75gpEhEscGrux64u
GaAjg5fklTUqf9aGWwYADk2bRZS6lOVwHHErHn8bvXsiST3vvhqIL03xNJBIl4MH
2/Km1nigVtBEthhhkXAtAl5Vds7BKxUUJOdNAvqPIu7s17b3bG464txNGrpdk7I+
+ImUdaTHg+XS/9MrqhF8GylUMgtBeYuibp3xBqOZEEZzfzHtfJg8zFKmrjJE3g8=
=mfFG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ