An update for erlang is now available for openEuler-24.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2368 Final 1.0 1.0 2025-10-11 Initial 2025-10-11 2025-10-11 openEuler SA Tool V1.0 2025-10-11 erlang security update An update for erlang is now available for openEuler-24.03-LTS Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fix(es): Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48038) An update for erlang is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium erlang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2368 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48038 https://nvd.nist.gov/vuln/detail/CVE-2025-48038 openEuler-24.03-LTS erlang-25.3.2.6-10.oe2403.aarch64.rpm erlang-asn1-25.3.2.6-10.oe2403.aarch64.rpm erlang-common_test-25.3.2.6-10.oe2403.aarch64.rpm erlang-compiler-25.3.2.6-10.oe2403.aarch64.rpm erlang-crypto-25.3.2.6-10.oe2403.aarch64.rpm erlang-debugger-25.3.2.6-10.oe2403.aarch64.rpm erlang-debuginfo-25.3.2.6-10.oe2403.aarch64.rpm erlang-debugsource-25.3.2.6-10.oe2403.aarch64.rpm erlang-dialyzer-25.3.2.6-10.oe2403.aarch64.rpm erlang-diameter-25.3.2.6-10.oe2403.aarch64.rpm erlang-edoc-25.3.2.6-10.oe2403.aarch64.rpm erlang-eldap-25.3.2.6-10.oe2403.aarch64.rpm erlang-erl_docgen-25.3.2.6-10.oe2403.aarch64.rpm erlang-erl_interface-25.3.2.6-10.oe2403.aarch64.rpm erlang-erts-25.3.2.6-10.oe2403.aarch64.rpm erlang-et-25.3.2.6-10.oe2403.aarch64.rpm erlang-eunit-25.3.2.6-10.oe2403.aarch64.rpm erlang-examples-25.3.2.6-10.oe2403.aarch64.rpm erlang-ftp-25.3.2.6-10.oe2403.aarch64.rpm erlang-inets-25.3.2.6-10.oe2403.aarch64.rpm erlang-jinterface-25.3.2.6-10.oe2403.aarch64.rpm erlang-kernel-25.3.2.6-10.oe2403.aarch64.rpm erlang-megaco-25.3.2.6-10.oe2403.aarch64.rpm erlang-mnesia-25.3.2.6-10.oe2403.aarch64.rpm erlang-observer-25.3.2.6-10.oe2403.aarch64.rpm erlang-odbc-25.3.2.6-10.oe2403.aarch64.rpm erlang-os_mon-25.3.2.6-10.oe2403.aarch64.rpm erlang-parsetools-25.3.2.6-10.oe2403.aarch64.rpm erlang-public_key-25.3.2.6-10.oe2403.aarch64.rpm erlang-reltool-25.3.2.6-10.oe2403.aarch64.rpm erlang-runtime_tools-25.3.2.6-10.oe2403.aarch64.rpm erlang-sasl-25.3.2.6-10.oe2403.aarch64.rpm erlang-snmp-25.3.2.6-10.oe2403.aarch64.rpm erlang-src-25.3.2.6-10.oe2403.aarch64.rpm erlang-ssh-25.3.2.6-10.oe2403.aarch64.rpm erlang-ssl-25.3.2.6-10.oe2403.aarch64.rpm erlang-stdlib-25.3.2.6-10.oe2403.aarch64.rpm erlang-syntax_tools-25.3.2.6-10.oe2403.aarch64.rpm erlang-tftp-25.3.2.6-10.oe2403.aarch64.rpm erlang-tools-25.3.2.6-10.oe2403.aarch64.rpm erlang-wx-25.3.2.6-10.oe2403.aarch64.rpm erlang-xmerl-25.3.2.6-10.oe2403.aarch64.rpm erlang-25.3.2.6-10.oe2403.src.rpm erlang-25.3.2.6-10.oe2403.x86_64.rpm erlang-asn1-25.3.2.6-10.oe2403.x86_64.rpm erlang-common_test-25.3.2.6-10.oe2403.x86_64.rpm erlang-compiler-25.3.2.6-10.oe2403.x86_64.rpm erlang-crypto-25.3.2.6-10.oe2403.x86_64.rpm erlang-debugger-25.3.2.6-10.oe2403.x86_64.rpm erlang-debuginfo-25.3.2.6-10.oe2403.x86_64.rpm erlang-debugsource-25.3.2.6-10.oe2403.x86_64.rpm erlang-dialyzer-25.3.2.6-10.oe2403.x86_64.rpm erlang-diameter-25.3.2.6-10.oe2403.x86_64.rpm erlang-edoc-25.3.2.6-10.oe2403.x86_64.rpm erlang-eldap-25.3.2.6-10.oe2403.x86_64.rpm erlang-erl_docgen-25.3.2.6-10.oe2403.x86_64.rpm erlang-erl_interface-25.3.2.6-10.oe2403.x86_64.rpm erlang-erts-25.3.2.6-10.oe2403.x86_64.rpm erlang-et-25.3.2.6-10.oe2403.x86_64.rpm erlang-eunit-25.3.2.6-10.oe2403.x86_64.rpm erlang-examples-25.3.2.6-10.oe2403.x86_64.rpm erlang-ftp-25.3.2.6-10.oe2403.x86_64.rpm erlang-inets-25.3.2.6-10.oe2403.x86_64.rpm erlang-jinterface-25.3.2.6-10.oe2403.x86_64.rpm erlang-kernel-25.3.2.6-10.oe2403.x86_64.rpm erlang-megaco-25.3.2.6-10.oe2403.x86_64.rpm erlang-mnesia-25.3.2.6-10.oe2403.x86_64.rpm erlang-observer-25.3.2.6-10.oe2403.x86_64.rpm erlang-odbc-25.3.2.6-10.oe2403.x86_64.rpm erlang-os_mon-25.3.2.6-10.oe2403.x86_64.rpm erlang-parsetools-25.3.2.6-10.oe2403.x86_64.rpm erlang-public_key-25.3.2.6-10.oe2403.x86_64.rpm erlang-reltool-25.3.2.6-10.oe2403.x86_64.rpm erlang-runtime_tools-25.3.2.6-10.oe2403.x86_64.rpm erlang-sasl-25.3.2.6-10.oe2403.x86_64.rpm erlang-snmp-25.3.2.6-10.oe2403.x86_64.rpm erlang-src-25.3.2.6-10.oe2403.x86_64.rpm erlang-ssh-25.3.2.6-10.oe2403.x86_64.rpm erlang-ssl-25.3.2.6-10.oe2403.x86_64.rpm erlang-stdlib-25.3.2.6-10.oe2403.x86_64.rpm erlang-syntax_tools-25.3.2.6-10.oe2403.x86_64.rpm erlang-tftp-25.3.2.6-10.oe2403.x86_64.rpm erlang-tools-25.3.2.6-10.oe2403.x86_64.rpm erlang-wx-25.3.2.6-10.oe2403.x86_64.rpm erlang-xmerl-25.3.2.6-10.oe2403.x86_64.rpm Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. 2025-10-11 CVE-2025-48038 openEuler-24.03-LTS Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L erlang security update 2025-10-11 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2368