This update for erlang fixes the following issues:
Security issues fixed:
- CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote
arbitrary reads/writes (bsc#1258663).
- CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request
smuggling (bsc#1259687).
- CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path
traversal (bsc#1259681).
- CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service
(bsc#1259682).
- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
- CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
- CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure
(bsc#1261734).
Other updates...
Read the Full Advisory- openSUSE Leap 16.0:
erlang-27.1.3-160000.4.1
erlang-debugger-27.1.3-160000.4.1
erlang-debugger-src-27.1.3-160000.4.1
erlang-dialyzer-27.1.3-160000.4.1
erlang-dialyzer-src-27.1.3-160000.4.1
erlang-diameter-27.1.3-160000.4.1
erlang-diameter-src-27.1.3-160000.4.1
erlang-doc-27.1.3-160000.4.1
erlang-epmd-27.1.3-160000.4.1
erlang-et-27.1.3-160000.4.1
erlang-et-src-27.1.3-160000.4.1
erlang-jinterface-27.1.3-160000.4.1
erlang-jinterface-src-27.1.3-160000.4.1
erlang-observer-27.1.3-160000.4.1
erlang-observer-src-27.1.3-160000.4.1
erlang-reltool-27.1.3-160000.4.1
erlang-reltool-src-27.1.3-160000.4.1
erlang-src-27.1.3-160000.4.1
erlang-wx-27.1.3-160000.4.1
erlang-wx-src-27.1.3-160000.4.1
* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261726
* bsc#1261728
* bsc#1261734
* bsc#1262288
References:
* https://www.suse.com/security/cve/CVE-2026-21620.html
* https://www.suse.com/security/cve/CVE-2026-23941.html
* https://www.suse.com/security/cve/CVE-2026-23942.html
* https://www.suse.com/security/cve/CVE-2026-23943.html
* https://www.suse.com/security/cve/CVE-2026-28808.html
* https://www.suse.com/security/cve/CVE-2026-28810.html
* https://www.suse.com/security/cve/CVE-2026-32144.html
Get the latest Linux and open source security news straight to your inbox.