[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: CVE request: Erlang POODLE TLS vulnerability
From:       cve-assign () mitre ! org
Date:       2015-03-27 17:24:17
Message-ID: 20150327172417.8602A6C0007 () smtpvmsrv1 ! mitre ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> From the release notes of Erlang 18.0-rc1:
> http://www.erlang.org/news/85
> "ssl: ... added padding check for
> TLS-1.0 due to the Poodle vulnerability."
> 
> This indicates that Erlang was vulnerable to the TLS-variant of the
> poodle vulnerability due to missing padding checks
> 
> this clearly is an implementation error and thus should be considered a
> vuln.

Use CVE-2015-2774.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVFZGTAAoJEKllVAevmvmsrb8H/jlkxOnhkQ0hIZ/XURZYf31O
i2LIOF4W5YkEmuI8W1EI9s+3UDf0gbJ4tQ54djwG0BF9I48T1jrl+MxWcco0nK8Q
p2jDrqj28gjlPnxoOslUoTSMZqvHrl591OCRpkLn+1ggK8wL75gpEhEscGrux64u
GaAjg5fklTUqf9aGWwYADk2bRZS6lOVwHHErHn8bvXsiST3vvhqIL03xNJBIl4MH
2/Km1nigVtBEthhhkXAtAl5Vds7BKxUUJOdNAvqPIu7s17b3bG464txNGrpdk7I+
+ImUdaTHg+XS/9MrqhF8GylUMgtBeYuibp3xBqOZEEZzfzHtfJg8zFKmrjJE3g8=
=mfFG
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]