{"schema_version":"1.7.2","id":"OESA-2025-1552","modified":"2025-05-23T14:00:26Z","published":"2025-05-23T14:00:26Z","upstream":["CVE-2025-46712"],"summary":"erlang security update","details":"Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.\r\n\r\nSecurity Fix(es):\n\nErlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures because it allows optional messages to be exchanged during the handshake. This allows a man-in-the-middle attacker to inject such messages into a connection during the handshake. This issue has been patched in versions OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25). For the openEuler 24.03-LTS package, the fixed release is 25.3.2.6-7.oe2403 (see the affected ranges), so compare the installed RPM release rather than the upstream OTP version number. (CVE-2025-46712)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"erlang","purl":"pkg:rpm/openEuler/erlang\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"25.3.2.6-7.oe2403"}]}],"ecosystem_specific":{"aarch64":["erlang-25.3.2.6-7.oe2403.aarch64.rpm","erlang-asn1-25.3.2.6-7.oe2403.aarch64.rpm","erlang-common_test-25.3.2.6-7.oe2403.aarch64.rpm","erlang-compiler-25.3.2.6-7.oe2403.aarch64.rpm","erlang-crypto-25.3.2.6-7.oe2403.aarch64.rpm","erlang-debugger-25.3.2.6-7.oe2403.aarch64.rpm","erlang-debuginfo-25.3.2.6-7.oe2403.aarch64.rpm","erlang-debugsource-25.3.2.6-7.oe2403.aarch64.rpm","erlang-dialyzer-25.3.2.6-7.oe2403.aarch64.rpm","erlang-diameter-25.3.2.6-7.oe2403.aarch64.rpm","erlang-edoc-25.3.2.6-7.oe2403.aarch64.rpm","erlang-eldap-25.3.2.6-7.oe2403.aarch64.rpm","erlang-erl_docgen-25.3.2.6-7.oe2403.aarch64.rpm","erlang-erl_interface-25.3.2.6-7.oe2403.aarch64.rpm","erlang-erts-25.3.2.6-7.oe2403.aarch64.rpm","erlang-et-25.3.2.6-7.oe2403.aarch64.r
pm","erlang-eunit-25.3.2.6-7.oe2403.aarch64.rpm","erlang-examples-25.3.2.6-7.oe2403.aarch64.rpm","erlang-ftp-25.3.2.6-7.oe2403.aarch64.rpm","erlang-inets-25.3.2.6-7.oe2403.aarch64.rpm","erlang-jinterface-25.3.2.6-7.oe2403.aarch64.rpm","erlang-kernel-25.3.2.6-7.oe2403.aarch64.rpm","erlang-megaco-25.3.2.6-7.oe2403.aarch64.rpm","erlang-mnesia-25.3.2.6-7.oe2403.aarch64.rpm","erlang-observer-25.3.2.6-7.oe2403.aarch64.rpm","erlang-odbc-25.3.2.6-7.oe2403.aarch64.rpm","erlang-os_mon-25.3.2.6-7.oe2403.aarch64.rpm","erlang-parsetools-25.3.2.6-7.oe2403.aarch64.rpm","erlang-public_key-25.3.2.6-7.oe2403.aarch64.rpm","erlang-reltool-25.3.2.6-7.oe2403.aarch64.rpm","erlang-runtime_tools-25.3.2.6-7.oe2403.aarch64.rpm","erlang-sasl-25.3.2.6-7.oe2403.aarch64.rpm","erlang-snmp-25.3.2.6-7.oe2403.aarch64.rpm","erlang-src-25.3.2.6-7.oe2403.aarch64.rpm","erlang-ssh-25.3.2.6-7.oe2403.aarch64.rpm","erlang-ssl-25.3.2.6-7.oe2403.aarch64.rpm","erlang-stdlib-25.3.2.6-7.oe2403.aarch64.rpm","erlang-syntax_tools-25.3.2.6-7.oe2403.aarch64.rpm","erlang-tftp-25.3.2.6-7.oe2403.aarch64.rpm","erlang-tools-25.3.2.6-7.oe2403.aarch64.rpm","erlang-wx-25.3.2.6-7.oe2403.aarch64.rpm","erlang-xmerl-25.3.2.6-7.oe2403.aarch64.rpm"],"src":["erlang-25.3.2.6-7.oe2403.src.rpm"],"x86_64":["erlang-25.3.2.6-7.oe2403.x86_64.rpm","erlang-asn1-25.3.2.6-7.oe2403.x86_64.rpm","erlang-common_test-25.3.2.6-7.oe2403.x86_64.rpm","erlang-compiler-25.3.2.6-7.oe2403.x86_64.rpm","erlang-crypto-25.3.2.6-7.oe2403.x86_64.rpm","erlang-debugger-25.3.2.6-7.oe2403.x86_64.rpm","erlang-debuginfo-25.3.2.6-7.oe2403.x86_64.rpm","erlang-debugsource-25.3.2.6-7.oe2403.x86_64.rpm","erlang-dialyzer-25.3.2.6-7.oe2403.x86_64.rpm","erlang-diameter-25.3.2.6-7.oe2403.x86_64.rpm","erlang-edoc-25.3.2.6-7.oe2403.x86_64.rpm","erlang-eldap-25.3.2.6-7.oe2403.x86_64.rpm","erlang-erl_docgen-25.3.2.6-7.oe2403.x86_64.rpm","erlang-erl_interface-25.3.2.6-7.oe2403.x86_64.rpm","erlang-erts-25.3.2.6-7.oe2403.x86_64.rpm","erlang-et-25.3.2.6-7.oe2403.x86_64.rpm","erlang-eu
nit-25.3.2.6-7.oe2403.x86_64.rpm","erlang-examples-25.3.2.6-7.oe2403.x86_64.rpm","erlang-ftp-25.3.2.6-7.oe2403.x86_64.rpm","erlang-inets-25.3.2.6-7.oe2403.x86_64.rpm","erlang-jinterface-25.3.2.6-7.oe2403.x86_64.rpm","erlang-kernel-25.3.2.6-7.oe2403.x86_64.rpm","erlang-megaco-25.3.2.6-7.oe2403.x86_64.rpm","erlang-mnesia-25.3.2.6-7.oe2403.x86_64.rpm","erlang-observer-25.3.2.6-7.oe2403.x86_64.rpm","erlang-odbc-25.3.2.6-7.oe2403.x86_64.rpm","erlang-os_mon-25.3.2.6-7.oe2403.x86_64.rpm","erlang-parsetools-25.3.2.6-7.oe2403.x86_64.rpm","erlang-public_key-25.3.2.6-7.oe2403.x86_64.rpm","erlang-reltool-25.3.2.6-7.oe2403.x86_64.rpm","erlang-runtime_tools-25.3.2.6-7.oe2403.x86_64.rpm","erlang-sasl-25.3.2.6-7.oe2403.x86_64.rpm","erlang-snmp-25.3.2.6-7.oe2403.x86_64.rpm","erlang-src-25.3.2.6-7.oe2403.x86_64.rpm","erlang-ssh-25.3.2.6-7.oe2403.x86_64.rpm","erlang-ssl-25.3.2.6-7.oe2403.x86_64.rpm","erlang-stdlib-25.3.2.6-7.oe2403.x86_64.rpm","erlang-syntax_tools-25.3.2.6-7.oe2403.x86_64.rpm","erlang-tftp-25.3.2.6-7.oe2403.x86_64.rpm","erlang-tools-25.3.2.6-7.oe2403.x86_64.rpm","erlang-wx-25.3.2.6-7.oe2403.x86_64.rpm","erlang-xmerl-25.3.2.6-7.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1552"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-46712"}],"database_specific":{"severity":"Low"}}