Home / mailings [USN-7443-3] Erlang vulnerability
Posted on 17 July 2025
Ubuntu Security==========================================================================Ubuntu Security Notice USN-7443-3
July 17, 2025
erlang vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Erlang could be made to run programs if it received specially crafted
network traffic.
Software Description:
- erlang: Concurrent, real-time, distributed functional language
Details:
USN-7443-1 fixed a vulnerability in Erlang. This update provides the
corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk
discovered that Erlang OTP's SSH module incorrect handled authentication. A
remote attacker could use this issue to execute arbitrary commands without
authentication, possibly leading to a system compromise.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
erlang 1:20.2.2+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
erlang-ssh 1:20.2.2+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
erlang 1:18.3-dfsg-1ubuntu3.1+esm1
Available with Ubuntu Pro
erlang-ssh 1:18.3-dfsg-1ubuntu3.1+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7443-3
https://ubuntu.com/security/notices/USN-7443-2
https://ubuntu.com/security/notices/USN-7443-3
CVE-2025-32433
--===============1823853828432385642==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
