on 12-14-2022 10:20 AM - edited on 04-23-2024 06:25 AM by dpuigdomenec
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Run the following command in the Expedition CLI:
$ apt list --installed | grep erlang
The result will show that the erlang package is v22.x, which is vulnerable to the CVE.
Summary: Run the commands below in the Expedition CLI to add the new repositories and upgrade the two packages to the stated versions:
rabbitmq-server: 3.11.4-1
erlang: 25.0.4
-------------------------------------------------------------------------------------
# execute the commands below as root
sudo -su root
# stop the mysql service so Expedition is not available
service mysql stop
# remove any version that may already be installed
apt-get remove rabbitmq-server && apt-get purge rabbitmq-server
apt-get remove erlang && apt-get purge erlang
apt autoremove
# disable the legacy repositories before moving to the erlang 25+ packages
echo "#deb https://packages.erlang-solutions.com/ubuntu focal contrib" | sudo tee /etc/apt/sources.list.d/erlang-solution.list
echo "#deb [trusted=yes] http://www.rabbitmq.com/debian/ testing main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list
# update the apt list
apt update
# add the new repository that holds the erlang 25+ packages
add-apt-repository -y ppa:rabbitmq/rabbitmq-erlang-25
# update the apt list
apt update
# add the rabbitmq repository
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.deb.sh | sudo bash
# update the apt list
apt update
# fix any broken dependency
sudo apt --fix-broken install
# install the rabbitmq-server
apt-get install rabbitmq-server=3.11.4-1
# remove any unneeded package
apt autoremove
apt purge
# start the mysql service to make Expedition available
service mysql start
Verify that the two packages are updated to the required versions with the commands below:
$ apt list --installed | grep erlang
$ apt list --installed | grep rabbitmq-server
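
As an added example (not part of the original article), the POSIX shell functions below classify an Erlang package version against the affected ranges quoted at the top of this page, so the same check serves both the initial lookup and the final verification. It assumes the upstream part of the Debian package version equals the Erlang/OTP release; the function names and the sample `apt list` lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Affected ranges (from the advisory text above):
#   before 23.3.4.15, 24.x before 24.3.4.2, 25.x before 25.0.2

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# erlang_status VERSION: print vulnerable, fixed or unknown.
# Assumption: the upstream part of the package version is the OTP release.
erlang_status() {
    v=${1#*:}            # drop a Debian epoch such as "1:"
    v=${v%%[!0-9.]*}     # drop "+dfsg-1ubuntu0.2", "-1" and similar suffixes
    case "${v%%.*}" in
        '') echo unknown; return 0 ;;
        24) fixed=24.3.4.2 ;;
        25) fixed=25.0.2 ;;
        *)  fixed=23.3.4.15 ;;   # 23.x and older; 26+ compares as fixed
    esac
    if ver_lt "$v" "$fixed"; then echo vulnerable; else echo fixed; fi
}

# check_apt_list: read `apt list --installed` output on stdin and print
# "package version status" for every erlang* package line.
check_apt_list() {
    while IFS= read -r line; do
        case $line in erlang*/*) ;; *) continue ;; esac
        rest=${line#* }
        printf '%s %s %s\n' "${line%%/*}" "${rest%% *}" \
            "$(erlang_status "${rest%% *}")"
    done
}

# Constructed sample input (not captured from a real Expedition VM).
SAMPLE='erlang-base/focal,now 1:22.2.7+dfsg-1ubuntu0.2 amd64 [installed]
erlang-ssl/focal,now 1:25.0.4-1 amd64 [installed]'
printf '%s\n' "$SAMPLE" | check_apt_list
```

On the Expedition VM, live data can be checked with `apt list --installed 2>/dev/null | check_apt_list`.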