UbuntuUpdates.org

Package "erlang-runtime-tools"

Name: erlang-runtime-tools

Description:

Erlang/OTP runtime tracing/debugging tools
Latest version: 1:27.3.4.1+dfsg-1ubuntu0.1
Release: questing (25.10)
Level: updates
Repository: main
Head package: erlang
Homepage: http://www.erlang.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "erlang-runtime-tools"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "erlang-runtime-tools" in Questing

Repository Area Version
base main 1:27.3.4.1+dfsg-1build1
security main 1:27.3.4.1+dfsg-1ubuntu0.1

Changelog

Version: 1:27.3.4.1+dfsg-1ubuntu0.1 2025-10-22 01:08:50 UTC

  erlang (1:27.3.4.1+dfsg-1ubuntu0.1) questing-security; urgency=medium

  * SECURITY UPDATE: Increased resource consumption in the SSH module.
    - debian/patches/CVE-2025-48038.patch: Add handle_op for file handle length
      string exceeding 256 bytes in lib/ssh/src/ssh_sftpd.erl.
    - debian/patches/CVE-2025-48039.patch: Add max_path option and limits in
      lib/ssh/src/ssh_sftpd.erl.
    - debian/patches/CVE-2025-48040.patch: Add max_log_len in
      lib/ssh/src/ssh_connection.erl. Add Class:Reason0:Stacktrace for decode
      failures in lib/ssh/src/ssh_connection_handler.erl. Add trim_reason and
      max_log_len in lib/ssh/src/ssh_lib.erl. Change decode_kex_init in
      lib/ssh/src/ssh_message.erl. Change kexinit_error and modify Msg in
      lib/ssh/src/ssh_transport.erl.
    - debian/patches/CVE-2025-48041.patch: Add max_handles option and limits in
      lib/ssh/src/ssh_sftpd.erl.
    - CVE-2025-48038
    - CVE-2025-48039
    - CVE-2025-48040
    - CVE-2025-48041

 -- Hlib Korzhynskyy <email address hidden> Thu, 16 Oct 2025 17:28:35 -0230
CVE-2025-48038 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Ex
CVE-2025-48039 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Ex
CVE-2025-48040 Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is ass
CVE-2025-48041 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This v


About   -   Send Feedback to @ubuntu_updates