Tuesday, October 21, 2025

[USN-7831-1] Erlang vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7831-1
October 21, 2025

erlang vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Erlang.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang incorrectly handled resource allocation and
consumption in the SFTP SSH module. An attacker could possibly use this
issue to cause Erlang to consume excessive resources, leading to a denial
of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
erlang 1:27.3.4.1+dfsg-1ubuntu0.1
erlang-ssh 1:27.3.4.1+dfsg-1ubuntu0.1

Ubuntu 25.04
erlang 1:27.3+dfsg-1ubuntu1.3
erlang-ssh 1:27.3+dfsg-1ubuntu1.3

Ubuntu 24.04 LTS
erlang 1:25.3.2.8+dfsg-1ubuntu4.5
erlang-ssh 1:25.3.2.8+dfsg-1ubuntu4.5

Ubuntu 22.04 LTS
erlang 1:24.2.1+dfsg-1ubuntu0.6
erlang-ssh 1:24.2.1+dfsg-1ubuntu0.6

Ubuntu 20.04 LTS
erlang 1:22.2.7+dfsg-1ubuntu0.5+esm1
Available with Ubuntu Pro
erlang-ssh 1:22.2.7+dfsg-1ubuntu0.5+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
erlang 1:20.2.2+dfsg-1ubuntu2+esm2
Available with Ubuntu Pro
erlang-ssh 1:20.2.2+dfsg-1ubuntu2+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
erlang 1:18.3-dfsg-1ubuntu3.1+esm2
Available with Ubuntu Pro
erlang-ssh 1:18.3-dfsg-1ubuntu3.1+esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
erlang 1:16.b.3-dfsg-1ubuntu2.2+esm1
Available with Ubuntu Pro
erlang-ssh 1:16.b.3-dfsg-1ubuntu2.2+esm1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7831-1
CVE-2025-48038, CVE-2025-48039, CVE-2025-48040, CVE-2025-48041

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:27.3.4.1+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.3
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.5
https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.6
