==========================================================================
Ubuntu Security Notice USN-7425-1
April 08, 2025

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Erlang could be made to consume large amount of memory.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang OTP's SSH module did not limit the size of
certain data in initialization messages. An attacker could possibly use
this issue to consume large amount of memory leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  erlang                          1:25.3.2.12+dfsg-1ubuntu2.2
  erlang-ssh                      1:25.3.2.12+dfsg-1ubuntu2.2

Ubuntu 24.04 LTS
  erlang                          1:25.3.2.8+dfsg-1ubuntu4.2
  erlang-ssh                      1:25.3.2.8+dfsg-1ubuntu4.2

Ubuntu 22.04 LTS
  erlang                          1:24.2.1+dfsg-1ubuntu0.3
  erlang-ssh                      1:24.2.1+dfsg-1ubuntu0.3

Ubuntu 20.04 LTS
  erlang                          1:22.2.7+dfsg-1ubuntu0.4
  erlang-ssh                      1:22.2.7+dfsg-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7425-1
  CVE-2025-30211

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.12+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.2
https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.3
https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.4