An FTP command injection flaw was found [1] in Erlang's FTP module. Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module. This issue has been reported upstream [2], but has not yet been fixed.
[1] http://seclists.org/oss-sec/2014/q1/163
[2] http://erlang.org/pipermail/erlang-bugs/2014-January/003998.html
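
A guard of the kind the report describes as missing, written as an added example; it is not code from Erlang/OTP or from the upstream fix. It assumes the injection vector is an embedded line terminator, since FTP control commands are CRLF-terminated lines (RFC 959); the module name, function names and sample input are hypothetical.

```erlang
%% Added example, not OTP code. All names here are hypothetical.
-module(ftp_arg_guard).
-export([safe_arg/1, command_line/2, server_view/1, demo/0]).

%% Reject any argument that could end the current control-channel line.
%% CR, LF and NUL must never appear inside a pathname, user name or
%% password that is about to be written to the control socket.
-spec safe_arg(string()) -> {ok, string()} | {error, illegal_character}.
safe_arg(Arg) when is_list(Arg) ->
    Bad = fun(C) -> C =:= $\r orelse C =:= $\n orelse C =:= 0 end,
    case lists:any(Bad, Arg) of
        true  -> {error, illegal_character};
        false -> {ok, Arg}
    end.

%% Build one control-channel line, and only from a validated argument.
-spec command_line(string(), string()) ->
          {ok, string()} | {error, illegal_character}.
command_line(Verb, Arg) ->
    case safe_arg(Arg) of
        {ok, Clean} -> {ok, Verb ++ " " ++ Clean ++ "\r\n"};
        Error       -> Error
    end.

%% Model of how a server splits control-socket bytes into commands.
-spec server_view(string()) -> [string()].
server_view(Bytes) ->
    string:tokens(Bytes, "\r\n").

%% Constructed sample: one caller-supplied "directory name" that carries
%% a line terminator followed by a second, harmless command.
demo() ->
    Constructed = "pub\r\nNOOP",
    %% Unvalidated concatenation: the server sees two commands.
    Unsafe = "CWD " ++ Constructed ++ "\r\n",
    ["CWD pub", "NOOP"] = server_view(Unsafe),
    %% Validated path: the argument is refused before reaching the socket.
    {error, illegal_character} = command_line("CWD", Constructed),
    {ok, "CWD pub\r\n"} = command_line("CWD", "pub"),
    ok.
```

Calling `ftp_arg_guard:demo()` returns `ok` when every pattern match holds. On an unpatched release, the same check can be applied to caller-supplied strings before they are handed to the FTP module.
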
Created erlang tracking bugs for this issue:
Affects: fedora-all [bug 1059333]
Affects: epel-all [bug 1059335]
erlang-R16B-03.9.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
erlang-R16B-03.10.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
erlang-R16B-03.10.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
erlang-17.4-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.