Alerts This Week
Warning Icon 1 460
Alerts This Week
Warning Icon 1 460

Fedora 43 Erlang-gun Addresses Significant Session Fixation and DoS Risk

fedora
Calendar Grey June 20, 2026
Dist Fedora Esm H88
Erlang-gun 2.4.1 update addresses critical issues, ensuring security against session fixation and DoS attacks.
Gun ver

Summary

Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more.

Update Information:

Gun ver. 2.4.1 and its dependencies New erlang-gun

Topics%20covered

Topics Covered

security advisory denial of service fedora software update important erlang-gun

Change Log

* Fri Jun 12 2026 Peter Lemenkov - 2.4.1-1 - gun ver. 2.4.1 * Wed Jun 10 2026 Peter Lemenkov - 2.4.0-1 - gun ver. 2.4.0

References


[ 1 ] Bug #2486315 - erlang-cowlib-2.17.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486315 [ 2 ] Bug #2486350 - erlang-gun-2.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2486350 [ 3 ] Bug #2486422 - CVE-2026-43972 erlang-gun: Gun: Cross-origin cookie injection leading to session fixation and account takeover. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486422 [ 4 ] Bug #2486423 - CVE-2026-43974 erlang-gun: gun: Denial of Service via unsolicited 101 Switching Protocols response [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486423 [ 5 ] Bug #2486424 - CVE-2026-43973 erlang-gun: gun: Denial of Service via unbounded HTTP/1.1 response buffering [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2486424 [ 6 ] Bug #2487823 - erlang-cowboy-2.16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2487823 [ 7 ] Bug #2487824 - erlang-cowlib-2.17.1 is ...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2aa86d411f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: erlang-gun
Product: Fedora 43
Version: 2.4.1
Release: 1.fc43
URL: https://github.com/ninenines/gun
Summary: Erlang HTTP client with support for HTTP/1.1, HTTP/2, Websocket and more

Topics%20covered

Topics Covered

security advisory denial of service fedora software update important erlang-gun

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here