[USN-7443-2] Erlang vulnerability
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Apr 23 14:38:50 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7443-2
April 23, 2025
erlang vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
Summary:
Erlang could be made to run programs if it received specially crafted
network traffic.
Software Description:
- erlang: Concurrent, real-time, distributed functional language
Details:
USN-7443-1 fixed a vulnerability in Erlang. This update provides the
corresponding update for Ubuntu 25.04.
Original advisory details:
Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk
discovered that Erlang OTP’s SSH module incorrect handled authentication.
A remote attacker could use this issue to execute arbitrary commands
without authentication, possibly leading to a system compromise.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
erlang 1:27.3+dfsg-1ubuntu1.1
erlang-ssh 1:27.3+dfsg-1ubuntu1.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7443-2
https://ubuntu.com/security/notices/USN-7443-1
CVE-2025-32433
Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250423/dd48a1b7/attachment-0001.sig>
More information about the ubuntu-security-announce
mailing list