An erlang TLS server configured with cipher suites using rsa key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. References: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
Created erlang tracking bugs for this issue: Affects: fedora-all [bug 1520401]
This is not high touch. As per IRC discussion earlier with Garth, making this high touch adds no value to anything.
This issue has been addressed in the following products: Red Hat OpenStack Platform 12.0 (Pike) Via RHSA-2018:0242 https://access.redhat.com/errata/RHSA-2018:0242
This issue has been addressed in the following products: Red Hat OpenStack Platform 11.0 (Ocata) Via RHSA-2018:0303 https://access.redhat.com/errata/RHSA-2018:0303
This issue has been addressed in the following products: Red Hat OpenStack Platform 10.0 (Newton) Via RHSA-2018:0368 https://access.redhat.com/errata/RHSA-2018:0368
This issue has been addressed in the following products: Red Hat OpenStack Platform 9.0 (Mitaka) Via RHSA-2018:0528 https://access.redhat.com/errata/RHSA-2018:0528
Statement: This issue affects the versions of erlang as shipped with Red Hat CloudForms 4. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.