openSUSE Erlang Significant TFTP Directory Exploit Mitigation 2026-20607-2

opensuse
April 23, 2026
Update for Erlang in openSUSE fixes 7 issues including DoS, path traversal, and more; essential security patch available now.
An update that solves 7 vulnerabilities and has 8 bug fixes can now be installed.

Description

This update for erlang fixes the following issues:

Security issues fixed:

- CVE-2026-21620: improper isolation and compartmentalization can lead to TFTP relative path traversal and remote arbitrary reads/writes (bsc#1258663).
- CVE-2026-23941: improper handling of duplicate Content-Length headers in Erlang OTP can lead to HTTP request smuggling (bsc#1259687).
- CVE-2026-23942: improper limitation of a pathname to a restricted directory in the SFTP server can lead to path traversal (bsc#1259681).
- CVE-2026-23943: improper handling of highly compressed data in Erlang OTP ssh can lead to denial of service (bsc#1259682).
- CVE-2026-28808: incorrect authorization can lead to unauthenticated access to protected CGI scripts (bsc#1261728).
- CVE-2026-28810: predictable DNS transaction IDs can lead to DNS cache poisoning (bsc#1261726).
- CVE-2026-32144: missing signature verification can lead to OCSP authorization bypass and information disclosure (bsc#1261734).

Other updates...


Patch

Package List

- openSUSE Leap 16.0:
  - erlang-27.1.3-160000.4.1
  - erlang-debugger-27.1.3-160000.4.1
  - erlang-debugger-src-27.1.3-160000.4.1
  - erlang-dialyzer-27.1.3-160000.4.1
  - erlang-dialyzer-src-27.1.3-160000.4.1
  - erlang-diameter-27.1.3-160000.4.1
  - erlang-diameter-src-27.1.3-160000.4.1
  - erlang-doc-27.1.3-160000.4.1
  - erlang-epmd-27.1.3-160000.4.1
  - erlang-et-27.1.3-160000.4.1
  - erlang-et-src-27.1.3-160000.4.1
  - erlang-jinterface-27.1.3-160000.4.1
  - erlang-jinterface-src-27.1.3-160000.4.1
  - erlang-observer-27.1.3-160000.4.1
  - erlang-observer-src-27.1.3-160000.4.1
  - erlang-reltool-27.1.3-160000.4.1
  - erlang-reltool-src-27.1.3-160000.4.1
  - erlang-src-27.1.3-160000.4.1
  - erlang-wx-27.1.3-160000.4.1
  - erlang-wx-src-27.1.3-160000.4.1
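
To confirm a host carries the fixed builds listed above, the following added example (not part of the SUSE advisory) flags any listed package still below 27.1.3-160000.4.1. It assumes input produced by `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'erlang*'`, uses a simplified rpmvercmp without epoch, `~` or `^` handling, and the sample versions are constructed.

```python
import re
import sys

FIXED = "27.1.3-160000.4.1"  # fixed version-release from the advisory's package list
_MODS = "debugger dialyzer diameter et jinterface observer reltool wx".split()
# The 20 package names listed in the advisory.
PACKAGES = {"erlang", "erlang-doc", "erlang-epmd", "erlang-src"} | {
    f"erlang-{m}{s}" for m in _MODS for s in ("", "-src")}

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # separators such as '.' are ignored
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)         # numeric compare, so 10 > 4
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment is newer than alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_output, fixed=FIXED):
    """Return {name: installed version-release} for listed packages older than fixed."""
    stale = {}
    for line in rpm_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in PACKAGES and evr_cmp(parts[1], fixed) < 0:
            stale[parts[0]] = parts[1]
    return stale

# Constructed sample input (not taken from a real host).
SAMPLE = """\
erlang 27.1.3-160000.3.1
erlang-epmd 27.1.3-160000.4.1
erlang-observer 27.1.2-160000.9.1
erlang-wx 27.1.3-160000.10.1
bash 5.2.37-160000.1.1
"""

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, evr in sorted(audit(data).items()):
        print(f"{name} {evr} is older than {FIXED}")
```

Pipe the `rpm` query output into the script on each host; an empty result means every listed package that is installed is at or above the fixed build.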

References

* bsc#1258663
* bsc#1259681
* bsc#1259682
* bsc#1259687
* bsc#1261726
* bsc#1261728
* bsc#1261734
* bsc#1262288

* https://www.suse.com/security/cve/CVE-2026-21620.html
* https://www.suse.com/security/cve/CVE-2026-23941.html
* https://www.suse.com/security/cve/CVE-2026-23942.html
* https://www.suse.com/security/cve/CVE-2026-23943.html
* https://www.suse.com/security/cve/CVE-2026-28808.html
* https://www.suse.com/security/cve/CVE-2026-28810.html
* https://www.suse.com/security/cve/CVE-2026-32144.html

Severity
important

Announcement ID: openSUSE-SU-2026:20607-1
Rating: important
Affected Products: openSUSE Leap 16.0
