Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: erlang Moderate Resource Access Issues Fix SUSE-SU-2026:20088-1

suse
Calendar Grey January 20, 2026
Dist Suse Esm H88
SUSE update resolves three security issues in Erlang, fixing path verification and resource management flaws.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for erlang fixes the following issues: Update the ssh component to the latest in the maint-27 branch. Security issues fixed: * CVE-2025-48040: ssh: overly tolerant handling of data received from unauthenticated users when processing key exchange messages may lead to excessive resource consumption (bsc#1249472). * CVE-2025-48039: ssh: unverified paths from authenticated SFTP users may lead to excessive resource consumption (bsc#1249469). * CVE-2025-48038: ssh: unverified file handles from authenticated SFTP users may lead to excessive resource consumption (bsc#1249470). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

* bsc#1249469

* bsc#1249470

* bsc#1249472

Cross-

* CVE-2025-48038

* CVE-2025-48039

* CVE-2025-48040

CVSS scores:

* CVE-2025-48038 ( SUSE ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-48038 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-48038 ( NVD ): 5.3

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-48039 ( SUSE ): 5.3

Announcement ID: SUSE-SU-2026:20088-1
Release Date: 2026-01-15T17:21:23Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here