An update for erlang is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1030 Final 1.0 1.0 2026-01-09 Initial 2026-01-09 2026-01-09 openEuler SA Tool V1.0 2026-01-09 erlang security update An update for erlang is now available for openEuler-22.03-LTS-SP3 Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fix(es): Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48038) Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48039) Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12.(CVE-2025-48041) An update for erlang is now available for master/openEuler-20.03-LTS-SP4/openEuler-22.03-LTS-SP3/openEuler-22.03-LTS-SP4/openEuler-24.03-LTS/openEuler-24.03-LTS-Next/openEuler-24.03-LTS-SP1/openEuler-24.03-LTS-SP2/openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium erlang https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1030 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48038 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48039 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-48041 https://nvd.nist.gov/vuln/detail/CVE-2025-48038 https://nvd.nist.gov/vuln/detail/CVE-2025-48039 https://nvd.nist.gov/vuln/detail/CVE-2025-48041 openEuler-22.03-LTS-SP3 erlang-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-asn1-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-common_test-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-compiler-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-crypto-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-debugger-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-debuginfo-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-debugsource-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-dialyzer-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-diameter-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-edoc-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-eldap-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-erl_docgen-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-erl_interface-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-erts-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-et-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-eunit-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-examples-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-ftp-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-hipe-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-inets-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-jinterface-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-kernel-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-megaco-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-mnesia-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-observer-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-odbc-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-os_mon-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-parsetools-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-public_key-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-reltool-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-runtime_tools-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-sasl-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-snmp-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-ssh-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-ssl-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-stdlib-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-syntax_tools-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-tftp-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-tools-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-wx-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-xmerl-23.3.4.9-8.oe2203sp3.aarch64.rpm erlang-23.3.4.9-8.oe2203sp3.src.rpm erlang-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-asn1-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-common_test-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-compiler-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-crypto-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-debugger-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-debuginfo-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-debugsource-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-dialyzer-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-diameter-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-edoc-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-eldap-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-erl_docgen-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-erl_interface-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-erts-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-et-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-eunit-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-examples-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-ftp-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-hipe-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-inets-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-jinterface-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-kernel-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-megaco-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-mnesia-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-observer-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-odbc-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-os_mon-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-parsetools-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-public_key-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-reltool-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-runtime_tools-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-sasl-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-snmp-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-ssh-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-ssl-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-stdlib-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-syntax_tools-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-tftp-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-tools-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-wx-23.3.4.9-8.oe2203sp3.x86_64.rpm erlang-xmerl-23.3.4.9-8.oe2203sp3.x86_64.rpm Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. 2026-01-09 CVE-2025-48038 openEuler-22.03-LTS-SP3 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L erlang security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1030 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. 2026-01-09 CVE-2025-48039 openEuler-22.03-LTS-SP3 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L erlang security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1030 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. 2026-01-09 CVE-2025-48041 openEuler-22.03-LTS-SP3 Medium 4.3 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L erlang security update 2026-01-09 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1030