diff options
| author | Loïc Hoguin <[email protected]> | 2024-03-21 09:40:58 +0100 |
|---|---|---|
| committer | Loïc Hoguin <[email protected]> | 2024-03-21 09:40:58 +0100 |
| commit | b151830bd2b3133a6c60af5b4719e584729a243e (patch) | |
| tree | 3919f3249b26513a33980ecc34825f727de8bba4 | |
| parent | 0265ca578caed03e046fc970df5075cc4d577919 (diff) | |
| download | ci.erlang.mk-b151830bd2b3133a6c60af5b4719e584729a243e.tar.gz ci.erlang.mk-b151830bd2b3133a6c60af5b4719e584729a243e.tar.bz2 ci.erlang.mk-b151830bd2b3133a6c60af5b4719e584729a243e.zip | |
OTP-23.3.4.20
| -rw-r--r-- | early-plugins.mk | 4 | ||||
| -rw-r--r-- | release-notes/OTP-23.3.4.20.README.txt | 78 |
2 files changed, 80 insertions, 2 deletions
diff --git a/early-plugins.mk b/early-plugins.mk index a399dfb..d331328 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -17,7 +17,7 @@ OTP-19 := OTP-19.0.7 OTP-19.1.6 OTP-19.2.3 OTP-19.3.6.13 OTP-20 := OTP-20.0.5 OTP-20.1.7 OTP-20.2.4 OTP-20.3.8.26 OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.24 OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.26 -OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.19 +OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.20 OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.16 OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.10 OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.3 @@ -107,7 +107,7 @@ OTP-23-DROPPED := OTP-23.0-rc1 OTP-23.0-rc2 OTP-23.0-rc3 OTP-23.0 OTP-23.0.1 \ OTP-23.2 OTP-23.2.1 OTP-23.2.3 OTP-23.2.4 OTP-23.3.1 OTP-23.3.2 OTP-23.2.7.2 \ OTP-23.3.3 OTP-23.3.4 OTP-23.3.4.1 OTP-23.3.4.5 OTP-23.3.4.6 OTP-23.3.4.7 \ OTP-23.3.4.8 OTP-23.3.4.9 OTP-23.3.4.10 OTP-23.3.4.11 OTP-23.3.4.12 \ - OTP-23.3.4.13 OTP-23.3.4.14 OTP-23.3.4.15 OTP-23.3.4.16 OTP-23.3.4.17 OTP-23.3.4.18 + OTP-23.3.4.13 OTP-23.3.4.14 OTP-23.3.4.15 OTP-23.3.4.16 OTP-23.3.4.17 OTP-23.3.4.18 OTP-23.3.4.19 OTP-24-DROPPED := OTP-24.0-rc2 OTP-24.0-rc3 OTP-24.0 OTP-24.0.1 OTP-24.0.5 \ OTP-24.1 OTP-24.1.1 OTP-24.1.2 OTP-24.1.3 OTP-24.1.4 OTP-24.1.5 OTP-24.1.6 \ OTP-24.2 OTP-24.2.1 OTP-24.3 OTP-24.3.1 OTP-24.3.2 OTP-24.3.3 OTP-24.3.4 \ diff --git a/release-notes/OTP-23.3.4.20.README.txt b/release-notes/OTP-23.3.4.20.README.txt new file mode 100644 index 0000000..1a5d3e9 --- /dev/null +++ b/release-notes/OTP-23.3.4.20.README.txt @@ -0,0 +1,78 @@ +Patch Package: OTP 23.3.4.20 +Git Tag: OTP-23.3.4.20 +Date: 2024-03-18 +Trouble Report Id: OTP-18897, OTP-19002 +Seq num: ERIERL-1041 +System: OTP +Release: 23 +Application: ssh-4.11.1.7 +Predecessor: OTP 23.3.4.19 + + Check out the git tag OTP-23.3.4.20, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-18897 Application(s): ssh + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + '[email protected]' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH User's Guide. + + + --------------------------------------------------------------------- + --- ssh-4.11.1.7 ---------------------------------------------------- + --------------------------------------------------------------------- + + The ssh-4.11.1.7 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18897 Application(s): ssh + + *** POTENTIAL INCOMPATIBILITY *** + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + '[email protected]' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH User's Guide. + + + OTP-19002 Application(s): ssh + Related Id(s): ERIERL-1041 + + With this change, KEX strict terminal message is + emitted with debug verbosity. + + + Full runtime dependencies of ssh-4.11.1.7: crypto-4.6.4, erts-9.0, + kernel-5.3, public_key-1.6.1, stdlib-3.4.1 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + |