[ubuntu/focal-updates] erlang 1:22.2.7+dfsg-1ubuntu0.5 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Apr 17 14:59:19 UTC 2025
erlang (1:22.2.7+dfsg-1ubuntu0.5) focal-security; urgency=medium
* SECURITY UPDATE: Unauthenticated Remote Code Execution in SSH
- debian/patches/CVE-2025-32433-pre1.patch: add 4th argument (#ssh) to
ssh_connection:handl_msg in lib/ssh/src/ssh_connection.erl,
lib/ssh/src/ssh_connection_handler.erl.
- debian/patches/CVE-2025-32433.patch: disconnect when connection
protocol message arrives when user is not authenticated for
connection in lib/ssh/src/ssh_connection.erl,
lib/ssh/test/ssh_protocol_SUITE.erl.
- CVE-2025-32433
Date: 2025-04-16 22:03:29.215601+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list