Wednesday, April 23, 2025

[USN-7443-2] Erlang vulnerability

==========================================================================
Ubuntu Security Notice USN-7443-2
April 23, 2025

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Erlang could be made to run programs if it received specially crafted
network traffic.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

USN-7443-1 fixed a vulnerability in Erlang. This update provides the
corresponding update for Ubuntu 25.04.

Original advisory details:

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk
discovered that Erlang OTP's SSH module incorrectly handled authentication.
A remote attacker could use this issue to execute arbitrary commands
without authentication, possibly leading to a system compromise.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
erlang 1:27.3+dfsg-1ubuntu1.1
erlang-ssh 1:27.3+dfsg-1ubuntu1.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7443-2
https://ubuntu.com/security/notices/USN-7443-1
CVE-2025-32433

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.1
