Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE: erlang Moderate Resource Usage Concerns 2026:19004-1

opensuse
Calendar Grey January 17, 2026
Dist Opensuse Esm H88
An openSUSE update for Erlang fixes moderate vulnerabilities affecting resource handling from authenticated users.
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for erlang fixes the following issues:

Update the ssh component to the latest in the maint-27 branch.

Security issues fixed:

- CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key

exchange messages may lead to excessive resource consumption (bsc#1249472).

- CVE-2025-48039: ssh: unverified paths from authenticated SFTP users may lead to excessive resource consumption

(bsc#1249469).

- CVE-2025-48038: ssh: unverified file handles from authenticated SFTP users may lead to excessive resource consumption

(bsc#1249470).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-148=1

Patch

Package List

- openSUSE Leap 16.0:

erlang-27.1.3-160000.3.1

erlang-debugger-27.1.3-160000.3.1

erlang-debugger-src-27.1.3-160000.3.1

erlang-dialyzer-27.1.3-160000.3.1

erlang-dialyzer-src-27.1.3-160000.3.1

erlang-diameter-27.1.3-160000.3.1

erlang-diameter-src-27.1.3-160000.3.1

erlang-doc-27.1.3-160000.3.1

erlang-epmd-27.1.3-160000.3.1

erlang-et-27.1.3-160000.3.1

erlang-et-src-27.1.3-160000.3.1

erlang-jinterface-27.1.3-160000.3.1

erlang-jinterface-src-27.1.3-160000.3.1

erlang-observer-27.1.3-160000.3.1

erlang-observer-src-27.1.3-160000.3.1

erlang-reltool-27.1.3-160000.3.1

erlang-reltool-src-27.1.3-160000.3.1

erlang-src-27.1.3-160000.3.1

erlang-wx-27.1.3-160000.3.1

erlang-wx-src-27.1.3-160000.3.1

References

* bsc#1249469

* bsc#1249470

* bsc#1249472

References:

* https://www.suse.com/security/cve/CVE-2025-48038.html

* https://www.suse.com/security/cve/CVE-2025-48039.html

* https://www.suse.com/security/cve/CVE-2025-48040.html

Announcement ID: openSUSE-SU-2026:20043-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.