Security update for erlang26 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:1051-1 Final 1 1 2025-03-28T14:50:17Z current 2025-03-28T14:50:17Z 2025-03-28T14:50:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for erlang26 This update for erlang26 fixes the following issues: - CVE-2025-26618: Fixed incorrect verification of SSH SFTP packet size in Erlang OTP (bsc#1237467) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1051,SUSE-SLE-Module-Server-Applications-15-SP6-2025-1051,openSUSE-SLE-15.6-2025-1051 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20251051-1/ Link for SUSE-SU-2025:1051-1 https://lists.suse.com/pipermail/sle-security-updates/2025-March/020619.html E-Mail link for SUSE-SU-2025:1051-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1237467 SUSE Bug 1237467 https://www.suse.com/security/cve/CVE-2025-26618/ SUSE CVE CVE-2025-26618 page SUSE Linux Enterprise Module for Server Applications 15 SP6 openSUSE Leap 15.6 erlang26-26.2.1-150300.7.8.1 erlang26-debugger-26.2.1-150300.7.8.1 erlang26-debugger-src-26.2.1-150300.7.8.1 erlang26-dialyzer-26.2.1-150300.7.8.1 erlang26-dialyzer-src-26.2.1-150300.7.8.1 erlang26-diameter-26.2.1-150300.7.8.1 erlang26-diameter-src-26.2.1-150300.7.8.1 erlang26-doc-26.2.1-150300.7.8.1 erlang26-epmd-26.2.1-150300.7.8.1 erlang26-et-26.2.1-150300.7.8.1 erlang26-et-src-26.2.1-150300.7.8.1 erlang26-jinterface-26.2.1-150300.7.8.1 erlang26-jinterface-src-26.2.1-150300.7.8.1 erlang26-observer-26.2.1-150300.7.8.1 erlang26-observer-src-26.2.1-150300.7.8.1 erlang26-reltool-26.2.1-150300.7.8.1 erlang26-reltool-src-26.2.1-150300.7.8.1 erlang26-src-26.2.1-150300.7.8.1 erlang26-wx-26.2.1-150300.7.8.1 erlang26-wx-src-26.2.1-150300.7.8.1 erlang26-26.2.1-150300.7.8.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 erlang26-epmd-26.2.1-150300.7.8.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 erlang26-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-debugger-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-debugger-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-dialyzer-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-dialyzer-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-diameter-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-diameter-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-doc-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-epmd-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-et-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-et-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-jinterface-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-jinterface-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-observer-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-observer-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-reltool-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-reltool-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-wx-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 erlang26-wx-src-26.2.1-150300.7.8.1 as a component of openSUSE Leap 15.6 Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability. CVE-2025-26618 SUSE Linux Enterprise Module for Server Applications 15 SP6:erlang26-26.2.1-150300.7.8.1 SUSE Linux Enterprise Module for Server Applications 15 SP6:erlang26-epmd-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-debugger-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-debugger-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-dialyzer-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-dialyzer-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-diameter-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-diameter-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-doc-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-epmd-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-et-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-et-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-jinterface-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-jinterface-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-observer-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-observer-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-reltool-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-reltool-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-src-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-wx-26.2.1-150300.7.8.1 openSUSE Leap 15.6:erlang26-wx-src-26.2.1-150300.7.8.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20251051-1/ https://www.suse.com/security/cve/CVE-2025-26618.html CVE-2025-26618 https://bugzilla.suse.com/1237467 SUSE Bug 1237467