diff --git a/SPECS/erlang/CVE-2026-54886.patch b/SPECS/erlang/CVE-2026-54886.patch new file mode 100644 index 00000000000..590cca310bc --- /dev/null +++ b/SPECS/erlang/CVE-2026-54886.patch @@ -0,0 +1,41 @@ +From 397e0ee405e3dc69c6eb231f11bbdb065677d4dd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Micha=C5=82=20W=C4=85sowski?= +Date: Thu, 25 Jun 2026 11:33:33 +0200 +Subject: [PATCH] Fix extended data infinite loop in sftpd + +Signed-off-by: Azure Linux Security Servicing Account +Upstream-reference: https://github.com/erlang/otp/commit/eaf9550b8ad4738b81149d3f617102d980c6dd18.patch +--- + lib/ssh/src/ssh_sftpd.erl | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/lib/ssh/src/ssh_sftpd.erl b/lib/ssh/src/ssh_sftpd.erl +index ea29fb7..8de37bd 100644 +--- a/lib/ssh/src/ssh_sftpd.erl ++++ b/lib/ssh/src/ssh_sftpd.erl +@@ -208,7 +208,7 @@ handle_data(0, ChannelId, <>, + end; + handle_data(0, _ChannelId, Data, State = #state{pending = <<>>}) -> + {ok, State#state{pending = Data}}; +-handle_data(Type, ChannelId, Data0, State = #state{pending = Pending}) -> ++handle_data(0, ChannelId, Data0, State = #state{pending = Pending}) -> + Data = <>, + Size = byte_size(Data), + case Size > ?SSH_MAX_PACKET_SIZE of +@@ -229,8 +229,11 @@ handle_data(Type, ChannelId, Data0, State = #state{pending = Pending}) -> + ?LOG_ERROR(ReportFun, [Size]), + {stop, ChannelId, State}; + _ -> +- handle_data(Type, ChannelId, Data, State#state{pending = <<>>}) +- end. ++ handle_data(0, ChannelId, Data, State#state{pending = <<>>}) ++ end; ++handle_data(_Type, _ChannelId, _Data, State) -> ++ %% Same as openssh sftpd, we ignore extended data ++ {ok, State}. + + %% From draft-ietf-secsh-filexfer-02 "The file handle strings MUST NOT be longer than 256 bytes." + handle_op(Request, ReqId, <>, State = #state{xf = XF}) +-- +2.45.4 + diff --git a/SPECS/erlang/erlang.spec b/SPECS/erlang/erlang.spec index fea823ba048..87767fe47c0 100644 --- a/SPECS/erlang/erlang.spec +++ b/SPECS/erlang/erlang.spec @@ -2,7 +2,7 @@ Summary: erlang Name: erlang Version: 26.2.5.21 -Release: 2%{?dist} +Release: 3%{?dist} License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -15,6 +15,7 @@ Patch2: CVE-2026-48858.patch Patch3: CVE-2026-48860.patch Patch4: CVE-2026-49759.patch Patch5: CVE-2026-49760.patch +Patch6: CVE-2026-54886.patch BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: unixODBC-devel @@ -59,6 +60,9 @@ export ERL_TOP=`pwd` %{_libdir}/erlang/* %changelog +* Mon Jul 06 2026 Azure Linux Security Servicing Account - 26.2.5.21-3 +- Patch for CVE-2026-54886 + * Tue Jun 16 2026 Azure Linux Security Servicing Account - 26.2.5.21-2 - Patch for CVE-2026-49760, CVE-2026-49759, CVE-2026-48860, CVE-2026-48858, CVE-2026-48856, CVE-2026-48855