Explore top 10 tips to secure your open-source projects now. Read More
×
This update for erlang fixes the following issues:
Update the ssh component to the latest in the maint-27 branch.
Security issues fixed:
- CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key
exchange messages may lead to excessive resource consumption (bsc#1249472).
- CVE-2025-48039: ssh: unverified paths from authenticated SFTP users may lead to excessive resource consumption
(bsc#1249469).
- CVE-2025-48038: ssh: unverified file handles from authenticated SFTP users may lead to excessive resource consumption
(bsc#1249470).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-148=1
- openSUSE Leap 16.0:
erlang-27.1.3-160000.3.1
erlang-debugger-27.1.3-160000.3.1
erlang-debugger-src-27.1.3-160000.3.1
erlang-dialyzer-27.1.3-160000.3.1
erlang-dialyzer-src-27.1.3-160000.3.1
erlang-diameter-27.1.3-160000.3.1
erlang-diameter-src-27.1.3-160000.3.1
erlang-doc-27.1.3-160000.3.1
erlang-epmd-27.1.3-160000.3.1
erlang-et-27.1.3-160000.3.1
erlang-et-src-27.1.3-160000.3.1
erlang-jinterface-27.1.3-160000.3.1
erlang-jinterface-src-27.1.3-160000.3.1
erlang-observer-27.1.3-160000.3.1
erlang-observer-src-27.1.3-160000.3.1
erlang-reltool-27.1.3-160000.3.1
erlang-reltool-src-27.1.3-160000.3.1
erlang-src-27.1.3-160000.3.1
erlang-wx-27.1.3-160000.3.1
erlang-wx-src-27.1.3-160000.3.1
* bsc#1249469
* bsc#1249470
* bsc#1249472
References:
* https://www.suse.com/security/cve/CVE-2025-48038.html
* https://www.suse.com/security/cve/CVE-2025-48039.html
* https://www.suse.com/security/cve/CVE-2025-48040.html
Get the latest Linux and open source security news straight to your inbox.