
openSUSE-SU-2026:20043-1

Published: 15 Jan 2026
Source: suse-cvrf

Description

Security update for erlang

This update for erlang fixes the following issues:

Update the ssh component to the latest in the maint-27 branch.

Security issues fixed:

  • CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key exchange messages may lead to excessive resource consumption (bsc#1249472).
  • CVE-2025-48039: ssh: unverified paths from authenticated SFTP users may lead to excessive resource consumption (bsc#1249469).
  • CVE-2025-48038: ssh: unverified file handles from authenticated SFTP users may lead to excessive resource consumption (bsc#1249470).

Package list

openSUSE Leap 16.0
erlang-27.1.3-160000.3.1
erlang-debugger-27.1.3-160000.3.1
erlang-debugger-src-27.1.3-160000.3.1
erlang-dialyzer-27.1.3-160000.3.1
erlang-dialyzer-src-27.1.3-160000.3.1
erlang-diameter-27.1.3-160000.3.1
erlang-diameter-src-27.1.3-160000.3.1
erlang-doc-27.1.3-160000.3.1
erlang-epmd-27.1.3-160000.3.1
erlang-et-27.1.3-160000.3.1
erlang-et-src-27.1.3-160000.3.1
erlang-jinterface-27.1.3-160000.3.1
erlang-jinterface-src-27.1.3-160000.3.1
erlang-observer-27.1.3-160000.3.1
erlang-observer-src-27.1.3-160000.3.1
erlang-reltool-27.1.3-160000.3.1
erlang-reltool-src-27.1.3-160000.3.1
erlang-src-27.1.3-160000.3.1
erlang-wx-27.1.3-160000.3.1
erlang-wx-src-27.1.3-160000.3.1

Description

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.


Affected products
openSUSE Leap 16.0:erlang-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-src-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-dialyzer-27.1.3-160000.3.1


Description

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.


Affected products
openSUSE Leap 16.0:erlang-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-src-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-dialyzer-27.1.3-160000.3.1


Description

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.


Affected products
openSUSE Leap 16.0:erlang-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-debugger-src-27.1.3-160000.3.1
openSUSE Leap 16.0:erlang-dialyzer-27.1.3-160000.3.1
