SUSE-SU-2026:2010-1

Details

Description of the patch:

This update for erlang26 fixes the following issues

Security issues:

CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal (bsc#1258663).
CVE-2026-23941: HTTP Request Smuggling in Erlang OTP (bsc#1259687).
CVE-2026-23942: path traversal vulnerability in Erlang OTP (bsc#1259681).
CVE-2026-23943: denial of service due to improper handling of highly compressed data in Erlang OTP ssh (bsc#1259682).
CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in SFTP chroot (bsc#1262503).

Non security issue:

Fixes for FIPS mode (jsc#PED-15166.

Affected Packages

erlang26

SUSE Linux Enterprise Module for Server Applications 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6

Fixed in:

26.2.1-150300.7.25.1

erlang26-epmd

SUSE Linux Enterprise Module for Server Applications 15 SP7SUSE Linux Enterprise Server 15 SP6-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP6

Fixed in:

26.2.1-150300.7.25.1

References

ADVISORY

https://bugzilla.suse.com/1258663

ADVISORY

https://bugzilla.suse.com/1259681

ADVISORY

https://bugzilla.suse.com/1259682

ADVISORY

https://bugzilla.suse.com/1259687

ADVISORY