UbuntuUpdates.org

Package "erlang"

Name: erlang

Description:

Concurrent, real-time, distributed functional language
Latest version: 1:22.2.7+dfsg-1ubuntu0.3
Release: focal (20.04)
Level: security
Repository: universe
Homepage: http://www.erlang.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "erlang"

All arch deb package
APT INSTALL

Other versions of "erlang" in Focal

Repository Area Version
base universe 1:22.2.7+dfsg-1
base main 1:22.2.7+dfsg-1
security main 1:22.2.7+dfsg-1ubuntu0.3
updates main 1:22.2.7+dfsg-1ubuntu0.3
updates universe 1:22.2.7+dfsg-1ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:22.2.7+dfsg-1ubuntu0.3 2025-03-03 17:06:54 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: incorrect SSH packet size check
    - debian/patches/CVE-2025-26618.patch: sftp reject packets exceeding
      limit in lib/ssh/src/ssh_sftpd.erl.
    - CVE-2025-26618

 -- Marc Deslauriers <email address hidden> Thu, 27 Feb 2025 10:52:57 -0500
Source diff to previous version
CVE-2025-26618 Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OT

Version: 1:22.2.7+dfsg-1ubuntu0.2 2023-05-08 10:07:15 UTC

  erlang (1:22.2.7+dfsg-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: SSL, TLS and DTLS client authentication bypass
    - d/p/CVE-2022-37026-1.patch: fix handling of unexpected
      messages. Based on upstream patch.
    - d/p/CVE-2022-37026-2.patch: correct guard check. Based on upstream
      patch.
    - CVE-2022-37026

 -- Alex Murray <email address hidden> Wed, 26 Apr 2023 11:07:20 +0200
CVE-2022-37026 In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification


About   -   Send Feedback to @ubuntu_updates