==========================================================================
Ubuntu Security Notice USN-7443-2
April 23, 2025

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Erlang could be made to run programs if it received specially crafted
network traffic.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

USN-7443-1 fixed a vulnerability in Erlang. This update provides the
corresponding update for Ubuntu 25.04.

Original advisory details:

 Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk
 discovered that Erlang OTP’s SSH module incorrect handled authentication.
 A remote attacker could use this issue to execute arbitrary commands
 without authentication, possibly leading to a system compromise.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  erlang                          1:27.3+dfsg-1ubuntu1.1
  erlang-ssh                      1:27.3+dfsg-1ubuntu1.1

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7443-2
  https://ubuntu.com/security/notices/USN-7443-1
  CVE-2025-32433

Package Information:
  https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.1