diff options
Diffstat (limited to 'release-notes/OTP-22.3.4.27.README.txt')
-rw-r--r-- | release-notes/OTP-22.3.4.27.README.txt | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/release-notes/OTP-22.3.4.27.README.txt b/release-notes/OTP-22.3.4.27.README.txt new file mode 100644 index 0000000..3fc578b --- /dev/null +++ b/release-notes/OTP-22.3.4.27.README.txt @@ -0,0 +1,145 @@ +Patch Package: OTP 22.3.4.27 +Git Tag: OTP-22.3.4.27 +Date: 2024-03-18 +Trouble Report Id: OTP-18169, OTP-18170, OTP-18175, OTP-18197, + OTP-18258, OTP-18897, OTP-19002 +Seq num: ERIERL-1041, GH-6165, GH-6309, PR-6134, + PR-6135, PR-6142, PR-6213, PR-6324 +System: OTP +Release: 22 +Application: erts-10.7.2.19, ssh-4.9.1.5 +Predecessor: OTP 22.3.4.26 + + Check out the git tag OTP-22.3.4.27, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-18897 Application(s): ssh + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + '[email protected]' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH User's Guide. + + + --------------------------------------------------------------------- + --- erts-10.7.2.19 -------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-10.7.2.19 application *cannot* be applied + independently of other applications on an arbitrary OTP 22 + installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- kernel-6.5.2.5 (first satisfied in OTP 22.3.4.25) + + + --- Fixed Bugs and Malfunctions --- + + OTP-18169 Application(s): erts + Related Id(s): PR-6134 + + A race could cause process_info(Pid, message_queue_len) + on other processes to return invalid results. + + + OTP-18170 Application(s): erts + Related Id(s): PR-6135 + + Fixed reduction counting for handling process system + tasks. + + + OTP-18175 Application(s): erts + Related Id(s): PR-6142 + + Priority elevation of terminating processes did not + work which could cause execution of such processes to + be delayed. + + + OTP-18197 Application(s): erts + Related Id(s): GH-6165, PR-6213 + + The erlang:monotonic_time/1, erlang:system_time/1, + erlang:time_offset/1, and os:system_time/1 BIFs + erroneously failed when passed the argument native. + + + OTP-18258 Application(s): erts + Related Id(s): GH-6309, PR-6324 + + Notifications about available distribution data sent to + distribution controller processes could be lost. + Distribution controller processes can be used when + implementing an alternative distribution carrier. The + default distribution over tcp was not effected and the + bug was also not present on x86/x86_64 platforms. + + + Full runtime dependencies of erts-10.7.2.19: kernel-6.5.2.5, + sasl-3.3, stdlib-3.5 + + + --------------------------------------------------------------------- + --- ssh-4.9.1.5 ----------------------------------------------------- + --------------------------------------------------------------------- + + Note! The ssh-4.9.1.5 application *cannot* be applied independently + of other applications on an arbitrary OTP 22 installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- crypto-4.6.4 (first satisfied in OTP 22.2.2) + + + --- Fixed Bugs and Malfunctions --- + + OTP-18897 Application(s): ssh + + *** POTENTIAL INCOMPATIBILITY *** + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + '[email protected]' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH User's Guide. + + + OTP-19002 Application(s): ssh + Related Id(s): ERIERL-1041 + + With this change, KEX strict terminal message is + emitted with debug verbosity. + + + Full runtime dependencies of ssh-4.9.1.5: crypto-4.6.4, erts-9.0, + kernel-5.3, public_key-1.6.1, stdlib-3.4.1 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + |