SUSE-SU-2025:1357-1

Published: 22 Apr 2025
Source: suse-cvrf

Description

Security update for erlang

This update for erlang fixes the following issues:

  • CVE-2025-32433: Fixed unauthenticated remote code execution in Erlang/OTP SSH (bsc#1241300)

Package list

SUSE Enterprise Storage 7.1
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Module for Server Applications 15 SP6
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server 15 SP3-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server 15 SP4-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server 15 SP5-LTSS
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Manager Proxy 4.3
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Manager Server 4.3
erlang-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
openSUSE Leap 15.6
erlang-23.3.4.19-150300.3.20.1
erlang-debugger-23.3.4.19-150300.3.20.1
erlang-debugger-src-23.3.4.19-150300.3.20.1
erlang-dialyzer-23.3.4.19-150300.3.20.1
erlang-dialyzer-src-23.3.4.19-150300.3.20.1
erlang-diameter-23.3.4.19-150300.3.20.1
erlang-diameter-src-23.3.4.19-150300.3.20.1
erlang-doc-23.3.4.19-150300.3.20.1
erlang-epmd-23.3.4.19-150300.3.20.1
erlang-et-23.3.4.19-150300.3.20.1
erlang-et-src-23.3.4.19-150300.3.20.1
erlang-jinterface-23.3.4.19-150300.3.20.1
erlang-jinterface-src-23.3.4.19-150300.3.20.1
erlang-observer-23.3.4.19-150300.3.20.1
erlang-observer-src-23.3.4.19-150300.3.20.1
erlang-reltool-23.3.4.19-150300.3.20.1
erlang-reltool-src-23.3.4.19-150300.3.20.1
erlang-src-23.3.4.19-150300.3.20.1
erlang-wx-23.3.4.19-150300.3.20.1
erlang-wx-src-23.3.4.19-150300.3.20.1

Description

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, an SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or preventing access via firewall rules.


Affected products
SUSE Enterprise Storage 7.1:erlang-23.3.4.19-150300.3.20.1
SUSE Enterprise Storage 7.1:erlang-epmd-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:erlang-23.3.4.19-150300.3.20.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:erlang-epmd-23.3.4.19-150300.3.20.1
