Mandriva Linux Security Advisory : erlang (MDVSA-2015:174)
High Nessus Plugin ID 82484
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated erlang packages fixes security vulnerability :
An FTP command injection flaw was found in Erlang's FTP module.
Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module (CVE-2014-1693).
This update also disables SSLv3 by default to mitigate the POODLE issue.
SolutionUpdate the affected packages.