SUSE-SU-2026:1714-1

Details

Description of the patch:

This update for erlang fixes the following issues:

CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal (bsc#1258663).
CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).
CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).
CVE-2026-23943: denial of service due to improper handling of highly compressed data in Erlang OTP ssh (bsc#1259682).
CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).

Affected Packages

erlang

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP7

Fixed in:

23.3.4.19-150300.3.32.1

erlang-epmd

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise High Performance Computing 15 SP5-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP5-LTSSSUSE Linux Enterprise Module for Server Applications 15 SP7

Fixed in:

23.3.4.19-150300.3.32.1

References

ADVISORY

https://bugzilla.suse.com/1258663

ADVISORY

https://bugzilla.suse.com/1259681

ADVISORY

https://bugzilla.suse.com/1259682

ADVISORY

https://bugzilla.suse.com/1259687

ADVISORY