Erlang/OTP 23.3.4.20

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl or asdf).

docker run -it erlang:23.3.4.20
Patch Package: OTP 23.3.4.20
Git Tag: OTP-23.3.4.20
Date: 2024-03-18
Issue Id: ERIERL-1041
System: OTP
Release: 23

Potential Incompatibilities

OTP-18897
Application(s): ssh

With this change (a response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; the 'chacha20-poly1305@openssh.com' algorithm also becomes a less preferred cipher.

If strict KEX availability cannot be ensured on both sides of the connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of affecting interoperability. See Configuring algorithms in the SSH User's Guide.

ssh-4.11.1.7

The ssh-4.11.1.7 application can be applied independently of other applications on a full OTP 23 installation.

OTP-18897
Application(s): ssh

*** POTENTIAL INCOMPATIBILITY ***

With this change (a response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; the 'chacha20-poly1305@openssh.com' algorithm also becomes a less preferred cipher.

If strict KEX availability cannot be ensured on both sides of the connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of affecting interoperability. See Configuring algorithms in the SSH User's Guide.
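One way to apply the mitigation described above, as an added example that is not part of the OTP release notes or the ssh application's own code. The module name terrapin_ciphers and its functions are hypothetical; ssh:default_algorithms/0, ssh:daemon/2 and the modify_algorithms option are the ssh application's API, and matching ciphers by the "chacha20-poly1305" prefix and "-cbc" suffix is an assumption based on the algorithm naming.

```erlang
-module(terrapin_ciphers).
-export([affected_ciphers/0, hardening_opts/0, start_daemon/2]).

%% Hypothetical helper module (added example).
%% Start the ssh application first: ssh:start().

%% Cipher names are atoms such as 'chacha20-poly1305@openssh.com'
%% or 'aes128-cbc'. Assumption: the affected modes are recognisable
%% by the ChaCha20-Poly1305 prefix and the "-cbc" suffix.
is_affected(Cipher) ->
    Name = atom_to_list(Cipher),
    lists:prefix("chacha20-poly1305", Name)
        orelse lists:suffix("-cbc", Name).

%% Collect the affected ciphers for both directions from the defaults
%% of the installed ssh version, instead of hard-coding a list.
%% Ciphers enabled explicitly via preferred_algorithms are not covered.
affected_ciphers() ->
    Ciphers = proplists:get_value(cipher, ssh:default_algorithms(), []),
    PerDirection = [proplists:get_value(Dir, Ciphers, [])
                    || Dir <- [client2server, server2client]],
    lists:usort([C || C <- lists:append(PerDirection), is_affected(C)]).

%% Option list that removes the affected ciphers from negotiation.
%% The same list can be passed to ssh:connect/3 on the client side.
hardening_opts() ->
    [{modify_algorithms, [{rm, [{cipher, affected_ciphers()}]}]}].

%% Start a daemon with the affected ciphers removed; Opts carries the
%% usual daemon options (system_dir, user_dir, and so on).
start_daemon(Port, Opts) ->
    ssh:daemon(Port, hardening_opts() ++ Opts).
```

Peers that offer only the removed ciphers will fail algorithm negotiation with this configuration, which is the interoperability cost the note mentions.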

OTP-19002
Application(s): ssh
Related Id(s): ERIERL-1041

With this change, the KEX strict terminal message is emitted with debug verbosity.

Full runtime dependencies of ssh-4.11.1.7: crypto-4.6.4, erts-9.0, kernel-5.3, public_key-1.6.1, stdlib-3.4.1