erlang-27.2.4-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15941 Final 1 1 2025-03-12T00:00:00Z current 2025-03-12T00:00:00Z 2025-03-12T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z erlang-27.2.4-2.1 on GA media These are all security issues fixed in the erlang-27.2.4-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15941 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-26618/ SUSE CVE CVE-2025-26618 page openSUSE Tumbleweed erlang-27.2.4-2.1 erlang-debugger-27.2.4-2.1 erlang-debugger-src-27.2.4-2.1 erlang-dialyzer-27.2.4-2.1 erlang-dialyzer-src-27.2.4-2.1 erlang-diameter-27.2.4-2.1 erlang-diameter-src-27.2.4-2.1 erlang-doc-27.2.4-2.1 erlang-epmd-27.2.4-2.1 erlang-et-27.2.4-2.1 erlang-et-src-27.2.4-2.1 erlang-jinterface-27.2.4-2.1 erlang-jinterface-src-27.2.4-2.1 erlang-observer-27.2.4-2.1 erlang-observer-src-27.2.4-2.1 erlang-reltool-27.2.4-2.1 erlang-reltool-src-27.2.4-2.1 erlang-src-27.2.4-2.1 erlang-wx-27.2.4-2.1 erlang-wx-src-27.2.4-2.1 erlang-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-debugger-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-debugger-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-dialyzer-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-dialyzer-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-diameter-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-diameter-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-doc-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-epmd-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-et-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-et-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-jinterface-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-jinterface-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-observer-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-observer-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-reltool-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-reltool-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-src-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-wx-27.2.4-2.1 as a component of openSUSE Tumbleweed erlang-wx-src-27.2.4-2.1 as a component of openSUSE Tumbleweed Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability. CVE-2025-26618 openSUSE Tumbleweed:erlang-27.2.4-2.1 openSUSE Tumbleweed:erlang-debugger-27.2.4-2.1 openSUSE Tumbleweed:erlang-debugger-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-dialyzer-27.2.4-2.1 openSUSE Tumbleweed:erlang-dialyzer-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-diameter-27.2.4-2.1 openSUSE Tumbleweed:erlang-diameter-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-doc-27.2.4-2.1 openSUSE Tumbleweed:erlang-epmd-27.2.4-2.1 openSUSE Tumbleweed:erlang-et-27.2.4-2.1 openSUSE Tumbleweed:erlang-et-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-jinterface-27.2.4-2.1 openSUSE Tumbleweed:erlang-jinterface-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-observer-27.2.4-2.1 openSUSE Tumbleweed:erlang-observer-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-reltool-27.2.4-2.1 openSUSE Tumbleweed:erlang-reltool-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-src-27.2.4-2.1 openSUSE Tumbleweed:erlang-wx-27.2.4-2.1 openSUSE Tumbleweed:erlang-wx-src-27.2.4-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-26618.html CVE-2025-26618 https://bugzilla.suse.com/1237467 SUSE Bug 1237467