Package "erlang"
| Name: |
erlang
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- Erlang/OTP modules for ASN.1 support
- Erlang/OTP virtual machine and base applications
- Erlang/OTP cryptographic modules
- Erlang/OTP development libraries and headers
|
| Latest version: |
1:25.3.2.8+dfsg-1ubuntu4.6 |
| Release: |
noble (24.04) |
| Level: |
security |
| Repository: |
main |
Links
Other versions of "erlang" in Noble
Packages in group
Deleted packages are displayed in grey.
Changelog
|
erlang (1:25.3.2.8+dfsg-1ubuntu4.6) noble-security; urgency=medium
* SECURITY UPDATE: SSL verification mishandling via extended key usage
- debian/patches/CVE-2024-53846-1.patch: CA extended key usage check in
lib/public_key/src/pubkey_cert.erl,
lib/public_key/src/public_key.erl,
lib/public_key/test/public_key_SUITE.erl.
- debian/patches/CVE-2024-53846-2.patch: peer ext-keyusage extension
should alwyas be verified if present in lib/ssl/doc/src/ssl.xml,
lib/ssl/src/ssl.erl, lib/ssl/src/ssl_certificate.erl,
lib/ssl/src/ssl_handshake.erl, lib/ssl/src/ssl_internal.hrl,
lib/ssl/src/tls_handshake_1_3.erl, lib/ssl/test/ssl_cert_SUITE.erl.
- debian/patches/CVE-2024-53846-3.patch: adjust certificate key usage
compatible check in lib/public_key/src/pubkey_cert.erl.
- CVE-2024-53846
-- Marc Deslauriers <email address hidden> Tue, 13 Jan 2026 14:09:07 -0500
|
| Source diff to previous version |
| CVE-2024-53846 |
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a se |
|
|
erlang (1:25.3.2.8+dfsg-1ubuntu4.5) noble-security; urgency=medium
* SECURITY UPDATE: Increased resource consumption in the SSH module.
- debian/patches/CVE-2025-48038.patch: Add handle_op for file handle length
string exceeding 256 bytes in lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48039.patch: Add max_path option and limits in
lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48040.patch: Add max_log_len in
lib/ssh/src/ssh_connection.erl. Add Class:Reason0:Stacktrace for decode
failures in lib/ssh/src/ssh_connection_handler.erl. Add trim_reason and
max_log_len in lib/ssh/src/ssh_lib.erl. Change decode_kex_init in
lib/ssh/src/ssh_message.erl. Change kexinit_error and modify Msg in
lib/ssh/src/ssh_transport.erl.
- debian/patches/CVE-2025-48041.patch: Add max_handles option and limits in
lib/ssh/src/ssh_sftpd.erl.
- CVE-2025-48038
- CVE-2025-48039
- CVE-2025-48040
- CVE-2025-48041
-- Hlib Korzhynskyy <email address hidden> Fri, 17 Oct 2025 12:53:40 -0230
|
| Source diff to previous version |
| CVE-2025-48038 |
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Ex |
| CVE-2025-48039 |
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Ex |
| CVE-2025-48040 |
Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is ass |
| CVE-2025-48041 |
Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This v |
|
|
erlang (1:25.3.2.8+dfsg-1ubuntu4.4) noble-security; urgency=medium
* SECURITY UPDATE: insufficient strict KEX handshake hardening measures
- debian/patches/CVE-2025-46712-1.patch: add KEX strict implementation
fixes in lib/ssh/src/ssh_connection_handler.erl,
lib/ssh/src/ssh_fsm_kexinit.erl, lib/ssh/src/ssh_transport.erl,
lib/ssh/test/ssh_protocol_SUITE.erl,
lib/ssh/test/ssh_trpt_test_lib.erl.
- CVE-2025-46712
* SECURITY UPDATE: path traversal and other issues in zip
- debian/patches/CVE-2025-4748.patch: properly sanitize filenames when
(un)zipping in lib/stdlib/src/zip.erl, lib/stdlib/test/zip_SUITE.erl.
- CVE-2025-4748
-- Marc Deslauriers <email address hidden> Thu, 10 Jul 2025 11:10:28 -0400
|
| Source diff to previous version |
| CVE-2025-46712 |
Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and O |
| CVE-2025-4748 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Trav |
|
|
erlang (1:25.3.2.8+dfsg-1ubuntu4.3) noble-security; urgency=medium
* SECURITY UPDATE: Unauthenticated Remote Code Execution in SSH
- debian/patches/CVE-2025-32433.patch: disconnect when connection
protocol message arrives when user is not authenticated for
connection in lib/ssh/src/ssh_connection.erl,
lib/ssh/test/ssh_protocol_SUITE.erl.
- CVE-2025-32433
-- Marc Deslauriers <email address hidden> Wed, 16 Apr 2025 14:21:37 -0400
|
| Source diff to previous version |
| CVE-2025-32433 |
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server ma |
|
|
erlang (1:25.3.2.8+dfsg-1ubuntu4.2) noble-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2025-30211-1.patch: reduce log processing for
plain connections.
- debian/patches/CVE-2025-30211-2.patch: ignore too long names.
- debian/patches/CVE-2025-30211-3.patch: use chars_limit for bad
packets error messages.
- debian/patches/CVE-2025-30211-4.patch: custom_kexinit test added.
- CVE-2025-30211
-- Fabian Toepfer <email address hidden> Wed, 02 Apr 2025 19:25:37 +0200
|
| CVE-2025-30211 |
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KE |
|
About
-
Send Feedback to @ubuntu_updates
