[ubuntu/questing-updates] erlang 1:27.3.4.1+dfsg-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Oct 21 16:59:01 UTC 2025
erlang (1:27.3.4.1+dfsg-1ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: Increased resource consumption in the SSH module.
- debian/patches/CVE-2025-48038.patch: Add handle_op for file handle length
string exceeding 256 bytes in lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48039.patch: Add max_path option and limits in
lib/ssh/src/ssh_sftpd.erl.
- debian/patches/CVE-2025-48040.patch: Add max_log_len in
lib/ssh/src/ssh_connection.erl. Add Class:Reason0:Stacktrace for decode
failures in lib/ssh/src/ssh_connection_handler.erl. Add trim_reason and
max_log_len in lib/ssh/src/ssh_lib.erl. Change decode_kex_init in
lib/ssh/src/ssh_message.erl. Change kexinit_error and modify Msg in
lib/ssh/src/ssh_transport.erl.
- debian/patches/CVE-2025-48041.patch: Add max_handles option and limits in
lib/ssh/src/ssh_sftpd.erl.
- CVE-2025-48038
- CVE-2025-48039
- CVE-2025-48040
- CVE-2025-48041
Date: 2025-10-17 17:15:12.718152+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/erlang/1:27.3.4.1+dfsg-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list