UbuntuUpdates.org

Package "erlang"

Name: erlang

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Erlang/OTP modules for ASN.1 support
  • Erlang/OTP virtual machine and base applications
  • Erlang/OTP cryptographic modules
  • Erlang/OTP development libraries and headers
Latest version: 1:27.3+dfsg-1ubuntu1.2
Release: plucky (25.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "erlang" in Plucky

Repository Area Version
base main 1:27.3+dfsg-1ubuntu1
base universe 1:27.3+dfsg-1ubuntu1
security main 1:27.3+dfsg-1ubuntu1.2
security universe 1:27.3+dfsg-1ubuntu1.2
updates universe 1:27.3+dfsg-1ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:27.3+dfsg-1ubuntu1.2 2025-07-21 17:20:10 UTC

  erlang (1:27.3+dfsg-1ubuntu1.2) plucky-security; urgency=medium

  * SECURITY UPDATE: insufficient strict KEX handshake hardening measures
    - debian/patches/CVE-2025-46712-1.patch: add KEX strict implementation
      fixes in lib/ssh/src/ssh_connection_handler.erl,
      lib/ssh/src/ssh_fsm_kexinit.erl, lib/ssh/src/ssh_transport.erl,
      lib/ssh/test/ssh_protocol_SUITE.erl,
      lib/ssh/test/ssh_trpt_test_lib.erl.
    - debian/patches/CVE-2025-46712-2.patch: add extra remove_handler to
      improve robustness in tests in lib/ssh/test/ssh_test_lib.erl.
    - CVE-2025-46712
  * SECURITY UPDATE: path traversal and other issues in zip
    - debian/patches/CVE-2025-4748.patch: properly sanitize filenames when
      (un)zipping in lib/stdlib/src/zip.erl, lib/stdlib/test/zip_SUITE.erl.
    - CVE-2025-4748

 -- Marc Deslauriers <email address hidden> Thu, 10 Jul 2025 10:50:09 -0400
Source diff to previous version
CVE-2025-46712 Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and O
CVE-2025-4748 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Trav

Version: 1:27.3+dfsg-1ubuntu1.1 2025-04-23 15:07:46 UTC

  erlang (1:27.3+dfsg-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Unauthenticated Remote Code Execution in SSH
    - debian/patches/CVE-2025-32433.patch: disconnect when connection
      protocol message arrives when user is not authenticated for
      connection in lib/ssh/src/ssh_connection.erl,
      lib/ssh/test/ssh_protocol_SUITE.erl.
    - CVE-2025-32433

 -- Marc Deslauriers <email address hidden> Wed, 16 Apr 2025 14:14:50 -0400
CVE-2025-32433 Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server ma


About   -   Send Feedback to @ubuntu_updates