An update for erlang is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1667 Final 1.0 1.0 2026-03-20 Initial 2026-03-20 2026-03-20 openEuler SA Tool V1.0 2026-03-20 erlang security update An update for erlang is now available for openEuler-24.03-LTS Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fix(es): Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5.(CVE-2026-23941) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14.(CVE-2026-23942) Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * (CVE-2026-23943) An update for erlang is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High erlang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1667 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23941 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23942 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-23943 https://nvd.nist.gov/vuln/detail/CVE-2026-23941 https://nvd.nist.gov/vuln/detail/CVE-2026-23942 https://nvd.nist.gov/vuln/detail/CVE-2026-23943 openEuler-24.03-LTS erlang-25.3.2.6-13.oe2403.aarch64.rpm erlang-asn1-25.3.2.6-13.oe2403.aarch64.rpm erlang-common_test-25.3.2.6-13.oe2403.aarch64.rpm erlang-compiler-25.3.2.6-13.oe2403.aarch64.rpm erlang-crypto-25.3.2.6-13.oe2403.aarch64.rpm erlang-debugger-25.3.2.6-13.oe2403.aarch64.rpm erlang-debuginfo-25.3.2.6-13.oe2403.aarch64.rpm erlang-debugsource-25.3.2.6-13.oe2403.aarch64.rpm erlang-dialyzer-25.3.2.6-13.oe2403.aarch64.rpm erlang-diameter-25.3.2.6-13.oe2403.aarch64.rpm erlang-edoc-25.3.2.6-13.oe2403.aarch64.rpm erlang-eldap-25.3.2.6-13.oe2403.aarch64.rpm erlang-erl_docgen-25.3.2.6-13.oe2403.aarch64.rpm erlang-erl_interface-25.3.2.6-13.oe2403.aarch64.rpm erlang-erts-25.3.2.6-13.oe2403.aarch64.rpm erlang-et-25.3.2.6-13.oe2403.aarch64.rpm erlang-eunit-25.3.2.6-13.oe2403.aarch64.rpm erlang-examples-25.3.2.6-13.oe2403.aarch64.rpm erlang-ftp-25.3.2.6-13.oe2403.aarch64.rpm erlang-inets-25.3.2.6-13.oe2403.aarch64.rpm erlang-jinterface-25.3.2.6-13.oe2403.aarch64.rpm erlang-kernel-25.3.2.6-13.oe2403.aarch64.rpm erlang-megaco-25.3.2.6-13.oe2403.aarch64.rpm erlang-mnesia-25.3.2.6-13.oe2403.aarch64.rpm erlang-observer-25.3.2.6-13.oe2403.aarch64.rpm erlang-odbc-25.3.2.6-13.oe2403.aarch64.rpm erlang-os_mon-25.3.2.6-13.oe2403.aarch64.rpm erlang-parsetools-25.3.2.6-13.oe2403.aarch64.rpm erlang-public_key-25.3.2.6-13.oe2403.aarch64.rpm erlang-reltool-25.3.2.6-13.oe2403.aarch64.rpm erlang-runtime_tools-25.3.2.6-13.oe2403.aarch64.rpm erlang-sasl-25.3.2.6-13.oe2403.aarch64.rpm erlang-snmp-25.3.2.6-13.oe2403.aarch64.rpm erlang-src-25.3.2.6-13.oe2403.aarch64.rpm erlang-ssh-25.3.2.6-13.oe2403.aarch64.rpm erlang-ssl-25.3.2.6-13.oe2403.aarch64.rpm erlang-stdlib-25.3.2.6-13.oe2403.aarch64.rpm erlang-syntax_tools-25.3.2.6-13.oe2403.aarch64.rpm erlang-tftp-25.3.2.6-13.oe2403.aarch64.rpm erlang-tools-25.3.2.6-13.oe2403.aarch64.rpm erlang-wx-25.3.2.6-13.oe2403.aarch64.rpm erlang-xmerl-25.3.2.6-13.oe2403.aarch64.rpm erlang-25.3.2.6-13.oe2403.src.rpm erlang-25.3.2.6-13.oe2403.x86_64.rpm erlang-asn1-25.3.2.6-13.oe2403.x86_64.rpm erlang-common_test-25.3.2.6-13.oe2403.x86_64.rpm erlang-compiler-25.3.2.6-13.oe2403.x86_64.rpm erlang-crypto-25.3.2.6-13.oe2403.x86_64.rpm erlang-debugger-25.3.2.6-13.oe2403.x86_64.rpm erlang-debuginfo-25.3.2.6-13.oe2403.x86_64.rpm erlang-debugsource-25.3.2.6-13.oe2403.x86_64.rpm erlang-dialyzer-25.3.2.6-13.oe2403.x86_64.rpm erlang-diameter-25.3.2.6-13.oe2403.x86_64.rpm erlang-edoc-25.3.2.6-13.oe2403.x86_64.rpm erlang-eldap-25.3.2.6-13.oe2403.x86_64.rpm erlang-erl_docgen-25.3.2.6-13.oe2403.x86_64.rpm erlang-erl_interface-25.3.2.6-13.oe2403.x86_64.rpm erlang-erts-25.3.2.6-13.oe2403.x86_64.rpm erlang-et-25.3.2.6-13.oe2403.x86_64.rpm erlang-eunit-25.3.2.6-13.oe2403.x86_64.rpm erlang-examples-25.3.2.6-13.oe2403.x86_64.rpm erlang-ftp-25.3.2.6-13.oe2403.x86_64.rpm erlang-inets-25.3.2.6-13.oe2403.x86_64.rpm erlang-jinterface-25.3.2.6-13.oe2403.x86_64.rpm erlang-kernel-25.3.2.6-13.oe2403.x86_64.rpm erlang-megaco-25.3.2.6-13.oe2403.x86_64.rpm erlang-mnesia-25.3.2.6-13.oe2403.x86_64.rpm erlang-observer-25.3.2.6-13.oe2403.x86_64.rpm erlang-odbc-25.3.2.6-13.oe2403.x86_64.rpm erlang-os_mon-25.3.2.6-13.oe2403.x86_64.rpm erlang-parsetools-25.3.2.6-13.oe2403.x86_64.rpm erlang-public_key-25.3.2.6-13.oe2403.x86_64.rpm erlang-reltool-25.3.2.6-13.oe2403.x86_64.rpm erlang-runtime_tools-25.3.2.6-13.oe2403.x86_64.rpm erlang-sasl-25.3.2.6-13.oe2403.x86_64.rpm erlang-snmp-25.3.2.6-13.oe2403.x86_64.rpm erlang-src-25.3.2.6-13.oe2403.x86_64.rpm erlang-ssh-25.3.2.6-13.oe2403.x86_64.rpm erlang-ssl-25.3.2.6-13.oe2403.x86_64.rpm erlang-stdlib-25.3.2.6-13.oe2403.x86_64.rpm erlang-syntax_tools-25.3.2.6-13.oe2403.x86_64.rpm erlang-tftp-25.3.2.6-13.oe2403.x86_64.rpm erlang-tools-25.3.2.6-13.oe2403.x86_64.rpm erlang-wx-25.3.2.6-13.oe2403.x86_64.rpm erlang-xmerl-25.3.2.6-13.oe2403.x86_64.rpm Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_request:parse_headers/7. The server does not reject or normalize duplicate Content-Length headers. The earliest Content-Length in the request is used for body parsing while common reverse proxies (nginx, Apache httpd, Envoy) honor the last Content-Length value. This violates RFC 9112 Section 6.3 and allows front-end/back-end desynchronization, leaving attacker-controlled bytes queued as the start of the next request. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to inets from 5.10 until 9.6.1, 9.3.2.3 and 9.1.0.5. 2026-03-20 CVE-2026-23941 openEuler-24.03-LTS High 7.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X erlang security update 2026-03-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1667 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. The SFTP server uses string prefix matching via lists:prefix/2 rather than proper path component validation when checking if a path is within the configured root directory. This allows authenticated users to access sibling directories that share a common name prefix with the configured root directory. For example, if root is set to /home/user1, paths like /home/user10 or /home/user1_backup would incorrectly be considered within the root. This issue affects OTP from OTP 17.0 until OTP 28.4.1, OTP 27.3.4.9 and OTP 26.2.5.18, corresponding to ssh from 3.0.1 until 5.5.1, 5.2.11.6 and 5.1.4.14. 2026-03-20 CVE-2026-23942 openEuler-24.03-LTS Medium 5.3 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X erlang security update 2026-03-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1667 Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication without any size limit, enabling reliable memory exhaustion DoS. Two compression algorithms are affected: * zlib: Activates immediately after key exchange, enabling unauthenticated attacks * 2026-03-20 CVE-2026-23943 openEuler-24.03-LTS Medium 6.9 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X erlang security update 2026-03-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1667