UbuntuUpdates.org

Package "erlang-snmp"

Name: erlang-snmp

Description:

Erlang/OTP SNMP applications
Latest version: 1:22.2.7+dfsg-1ubuntu0.5
Release: focal (20.04)
Level: updates
Repository: main
Head package: erlang
Homepage: http://www.erlang.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "erlang-snmp"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "erlang-snmp" in Focal

Repository Area Version
base main 1:22.2.7+dfsg-1
security main 1:22.2.7+dfsg-1ubuntu0.5

Changelog

Version: 1:22.2.7+dfsg-1ubuntu0.5 2025-04-18 14:08:48 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.5) focal-security; urgency=medium

  * SECURITY UPDATE: Unauthenticated Remote Code Execution in SSH
    - debian/patches/CVE-2025-32433-pre1.patch: add 4th argument (#ssh) to
      ssh_connection:handl_msg in lib/ssh/src/ssh_connection.erl,
      lib/ssh/src/ssh_connection_handler.erl.
    - debian/patches/CVE-2025-32433.patch: disconnect when connection
      protocol message arrives when user is not authenticated for
      connection in lib/ssh/src/ssh_connection.erl,
      lib/ssh/test/ssh_protocol_SUITE.erl.
    - CVE-2025-32433

 -- Marc Deslauriers <email address hidden> Wed, 16 Apr 2025 14:28:49 -0400
Source diff to previous version
CVE-2025-32433 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server ma

Version: 1:22.2.7+dfsg-1ubuntu0.4 2025-04-08 18:07:22 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.4) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-30211-pre1.patch: reduce log length.
      plain connections.
    - debian/patches/CVE-2025-30211-1.patch: ignore too long names.
    - debian/patches/CVE-2025-30211-2.patch: use chars_limit for bad
      packets error messages.
    - debian/patches/CVE-2025-30211-3.patch: custom_kexinit test added.
    - CVE-2025-30211

 -- Fabian Toepfer <email address hidden> Wed, 02 Apr 2025 19:31:34 +0200
Source diff to previous version
CVE-2025-30211 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KE

Version: 1:22.2.7+dfsg-1ubuntu0.3 2025-03-03 21:06:56 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect SSH packet size check
    - debian/patches/CVE-2025-26618.patch: sftp reject packets exceeding
      limit in lib/ssh/src/ssh_sftpd.erl.
    - CVE-2025-26618

 -- Marc Deslauriers <email address hidden> Thu, 27 Feb 2025 10:52:57 -0500
Source diff to previous version
CVE-2025-26618 Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OT

Version: 1:22.2.7+dfsg-1ubuntu0.2 2023-05-08 11:07:10 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: SSL, TLS and DTLS client authentication bypass
    - d/p/CVE-2022-37026-1.patch: fix handling of unexpected
      messages. Based on upstream patch.
    - d/p/CVE-2022-37026-2.patch: correct guard check. Based on upstream
      patch.
    - CVE-2022-37026

 -- Alex Murray <email address hidden> Wed, 26 Apr 2023 11:07:20 +0200
CVE-2022-37026 In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification


About   -   Send Feedback to @ubuntu_updates