crypto: - 1), multiple memory leaks OTP-8810 Patch: https://github.com/erlang/otp/commit/d834040eeb1383157320a650984a47bb02bbb2d1 Note: Hard to tell if has security implications, but from the patch looks certain memory content leaks were possible - 2), rc4 not working correctly (silent data corruption) OTP-8781 Patch: https://github.com/erlang/otp/commit/0bcb7009fe4f3bbdf630c226d7e7335f9c005cf0 Note: Seems to be just bugfix From the patch log: RC4 stream cipher didn't work. erl_interface: - 3), ei: prevent overflow in ei_connect_init and ei_xconnect OTP-8814 Patch: https://github.com/erlang/otp/commit/6e66a59544a4816c49d2d4ae4bfa4f408403a1ab Note: security, stack based buffer overflow possible - 4), erl_call: fix multiple buffer overflows OTP-8827 Patch: https://github.com/erlang/otp/commit/f4843545086e6e79642e86f84aba0cff789d575b Note: security, multiple heap overflows possible - 5), Check the length of the node name to prevent an overflow OTP-8943 Patch: https://github.com/erlang/otp/commit/29b572dbd1546796a0a94066548edfa3da6b4b9d Note: security - 6), erl_term_len() in erl_interface could returned wrong length OTP-8945 Patch: https://github.com/erlang/otp/commit/c7fa778ae11c33f4568fbfd91d58550c781b54d6 Note: Hard to tell if has security implications erts: - 7), error with list_to_float("1.0e-324") in some VMs OTP-7178 Patch: https://github.com/erlang/otp/commit/1297a3ade2851be787a4c6a64d5f57d81761c8f5 Note: ignore underflow in list_to_float and return 0.0 - 8), Fix faulty 64-bit integer term output from drivers (crash or silent data corruption) OTP-8716 Patch: https://github.com/erlang/otp/commit/d2f1c68969d2c32a1310aa52b66209ef4c3aed97 Note: security - 9), gen_udp:connect/3 was broken for SCTP enabled builds. OTP-8729 Patch: https://github.com/erlang/otp/commit/2a6db0111898f25f5c615ce9b7f4e6ef84381a03 Note: seems to be just bugfix - 10), Removed some potential vulnerabilities from epmd OTP-8780 Patch: https://github.com/erlang/otp/commit/bbf3ab21b404aedbf9c7b7062b1e96062133fe44 Note: security From patch log: Remove two buffer overflow vulnerabilities in EPMD - 11), wrong return code for http sockets {ok,{http_error,String}} OTP-8831 Patch: https://github.com/erlang/otp/commit/c2d085e76f38467ea530b294edd3767ade88332c Note: seems to be just bugfix - 12), Multiple Buffer overflows have been prevented OTP-8892 Patch: https://github.com/erlang/otp/commit/c7f811b03aca427fbea0cac5307b81fa19bddbc1 Note: security From patch log: * ms/security-fixes: erlc: remove unused variable, typer: prevent buffer overflows, run_test: prevent buffer overflow, heart: prevent buffer overflow, escript: prevent buffer overflows, erlexec: prevent buffer overflows, erlc: prevent buffer overflows, dialyzer: prevent buffer overflows - 13), The ERTS internal rwlock implementation could get into an inconsistent state OTP-8925 Patch: https://github.com/erlang/otp/commit/f1c8231c16ca4cc8ef39318364ac8a1c8d7d56e1 Note: Assertion failure, but not sure if exploitable for DoS - 14), Some malformed distribution messages could cause VM to crash OTP-8993 Patch: https://github.com/erlang/otp/commit/663a15d616647d0019bc834d20de517fd9aeadd7 Note: security From patch log: Teach VM not to dump core on bad dist message structure - 15), A bug in the exit/2 BIF could potentially cause an emulator crash OTP-9005 Patch: https://github.com/erlang/otp/commit/962a313807f96f38f3bf40a5e8cd855ad09deccb Note: Not sure if has security implications - 16), Potentially emulator crash when deleting an ETS-table OTP-8999 Patch: https://github.com/erlang/otp/commit/f4f3beb158352b23959c09f8b0dfc83013d5fdf2 Note: Not sure if has security implications - 17), Attempting to create binaries exceeding 2Gb (using for example term_to_binary/1) would crash the emulator OTP-9117 Patch: https://github.com/erlang/otp/commit/1f07334d042e478d385caa0d7634ebfa6703f27a Note: Hard to tell if has security implications hipe: - 18), Fix bug in the simplification of inexact comparisons OTP-9101 Patch: https://github.com/erlang/otp/commit/e454e0f3d45c30fcb24f6e06a9e1f7408a8db5d7 Note: Seems to be just bugfix kernel: - 19), inet:getsockopt for SCTP sctp_default_send_param, random answers OTP-8795 Patch: https://github.com/erlang/otp/commit/9ea58dff408c0c72f5a6ad0e11b521a80292b024 Note: Seems to be just bugfix stdlib: - 20), race condition/silent data corruption in dets OTP-8898 Patch: https://github.com/erlang/otp/commit/4e79fa3b1b6797f2583848d307d6b85cec94a920 Note: Hard to tell if has security implications Note: Are there potentially more ones, I missed? =====