[USN-7831-1] Erlang vulnerabilities

noreply+usn-bot Tue, 21 Oct 2025 13:38:44 -0700

==========================================================================
Ubuntu Security Notice USN-7831-1
October 21, 2025


erlang vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Erlang.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang incorrectly handled resource allocation and
consumption in the SFTP SSH module. An attacker could possibly use this
issue cause Erlang to consume excessive resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  erlang                          1:27.3.4.1+dfsg-1ubuntu0.1
  erlang-ssh                      1:27.3.4.1+dfsg-1ubuntu0.1

Ubuntu 25.04
  erlang                          1:27.3+dfsg-1ubuntu1.3
  erlang-ssh                      1:27.3+dfsg-1ubuntu1.3

Ubuntu 24.04 LTS
  erlang                          1:25.3.2.8+dfsg-1ubuntu4.5
  erlang-ssh                      1:25.3.2.8+dfsg-1ubuntu4.5

Ubuntu 22.04 LTS
  erlang                          1:24.2.1+dfsg-1ubuntu0.6
  erlang-ssh                      1:24.2.1+dfsg-1ubuntu0.6

Ubuntu 20.04 LTS
  erlang                          1:22.2.7+dfsg-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro
  erlang-ssh                      1:22.2.7+dfsg-1ubuntu0.5+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  erlang                          1:20.2.2+dfsg-1ubuntu2+esm2
                                  Available with Ubuntu Pro
  erlang-ssh                      1:20.2.2+dfsg-1ubuntu2+esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  erlang                          1:18.3-dfsg-1ubuntu3.1+esm2
                                  Available with Ubuntu Pro
  erlang-ssh                      1:18.3-dfsg-1ubuntu3.1+esm2
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  erlang                          1:16.b.3-dfsg-1ubuntu2.2+esm1
                                  Available with Ubuntu Pro
  erlang-ssh                      1:16.b.3-dfsg-1ubuntu2.2+esm1
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7831-1
  CVE-2025-48038, CVE-2025-48039, CVE-2025-48040, CVE-2025-48041

Package Information:
  https://launchpad.net/ubuntu/+source/erlang/1:27.3.4.1+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.3
  https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.5
  https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.6

signature.asc
Description: OpenPGP digital signature

[USN-7831-1] Erlang vulnerabilities

Reply via email to