SUSE-SU-2025:02332-1

Опубликовано: 16 июл. 2025

Источник: suse-cvrf

Описание

Security update for erlang

This update for erlang fixes the following issues:

CVE-2025-4748: Fixed improper limitation of a pathname to a restricted directory vulnerability in Erlang OTP (stdlib modules) that allowed absolute path traversal (bsc#1244642)

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP6

erlang-23.3.4.19-150300.3.23.3

erlang-epmd-23.3.4.19-150300.3.23.3

SUSE Linux Enterprise Module for Server Applications 15 SP7

erlang-23.3.4.19-150300.3.23.3

erlang-epmd-23.3.4.19-150300.3.23.3

openSUSE Leap 15.6

erlang-23.3.4.19-150300.3.23.3

erlang-debugger-23.3.4.19-150300.3.23.3

erlang-debugger-src-23.3.4.19-150300.3.23.3

erlang-dialyzer-23.3.4.19-150300.3.23.3

erlang-dialyzer-src-23.3.4.19-150300.3.23.3

erlang-diameter-23.3.4.19-150300.3.23.3

erlang-diameter-src-23.3.4.19-150300.3.23.3

erlang-doc-23.3.4.19-150300.3.23.3

erlang-epmd-23.3.4.19-150300.3.23.3

erlang-et-23.3.4.19-150300.3.23.3

erlang-et-src-23.3.4.19-150300.3.23.3

erlang-jinterface-23.3.4.19-150300.3.23.3

erlang-jinterface-src-23.3.4.19-150300.3.23.3

erlang-observer-23.3.4.19-150300.3.23.3

erlang-observer-src-23.3.4.19-150300.3.23.3

erlang-reltool-23.3.4.19-150300.3.23.3

erlang-reltool-src-23.3.4.19-150300.3.23.3

erlang-src-23.3.4.19-150300.3.23.3

erlang-wx-23.3.4.19-150300.3.23.3

erlang-wx-src-23.3.4.19-150300.3.23.3

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-202502332-1/
Link for SUSE-SU-2025:02332-1
https://lists.suse.com/pipermail/sle-security-updates/2025-July/021835.html
E-Mail link for SUSE-SU-2025:02332-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1244642
SUSE Bug 1244642
https://www.suse.com/security/cve/CVE-2025-4748/
SUSE CVE CVE-2025-4748 page

Описание

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2 unless the memory option is passed. This issue affects OTP from OTP 17.0 until OTP 28.0.1, OTP 27.3.4.1 and OTP 26.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.

Затронутые продукты

SUSE Linux Enterprise Module for Server Applications 15 SP6:erlang-23.3.4.19-150300.3.23.3

SUSE Linux Enterprise Module for Server Applications 15 SP6:erlang-epmd-23.3.4.19-150300.3.23.3

SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-23.3.4.19-150300.3.23.3

SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-epmd-23.3.4.19-150300.3.23.3

Ссылки

https://www.suse.com/security/cve/CVE-2025-4748.html
CVE-2025-4748
https://bugzilla.suse.com/1244642
SUSE Bug 1244642

SUSE-SU-2025:02332-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Server Applications 15 SP6

SUSE Linux Enterprise Module for Server Applications 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2025-4748

Описание

Затронутые продукты

Ссылки