[ubuntu/plucky-security] erlang 1:27.3+dfsg-1ubuntu1.3 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Tue Oct 21 13:45:43 UTC 2025
erlang (1:27.3+dfsg-1ubuntu1.3) plucky-security; urgency=medium
* SECURITY UPDATE: Increased resource consumption in the SSH module.
- debian/patches/CVE-2025-48038.patch: Add handle_op for file handle length
string exceeding 256 bytes in lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48039.patch: Add max_path option and limits in
lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48040.patch: Add max_log_len in
lib/ssh/src/ssh_connection.erl. Add Class:Reason0:Stacktrace for decode
failures in lib/ssh/src/ssh_connection_handler.erl. Add trim_reason and
max_log_len in lib/ssh/src/ssh_lib.erl. Change decode_kex_init in
lib/ssh/src/ssh_message.erl. Change kexinit_error and modify Msg in
lib/ssh/src/ssh_transport.erl.
- debian/patches/CVE-2025-48041.patch: Add max_handles option and limits in
lib/ssh/src/ssh_sftpd.erl.
- CVE-2025-48038
- CVE-2025-48039
- CVE-2025-48040
- CVE-2025-48041
Date: 2025-10-17 17:19:12.505194+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the plucky-changes
mailing list