Security: Denial of Service in Erlang
Name: Denial of Service in Erlang
ID: USN-7425-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10
Date: Tue, April 8, 2025, 22:22
References: https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.3
https://www.cve.org/CVERecord?id=CVE-2025-30211
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.12+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.2
https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.4
Applications: Erlang

Original message

From: Fabian Toepfer <fabian.toepfer@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <57a34c03-eb97-4ac3-97c0-55b5f42fadd5@canonical.com>
Subject: [USN-7425-1] Erlang vulnerability

==========================================================================
Ubuntu Security Notice USN-7425-1
April 08, 2025

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Erlang could be made to consume a large amount of memory.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang OTP's SSH module did not limit the size of
certain data in initialization messages. An attacker could possibly use
this issue to consume a large amount of memory, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  erlang                          1:25.3.2.12+dfsg-1ubuntu2.2
  erlang-ssh                      1:25.3.2.12+dfsg-1ubuntu2.2

Ubuntu 24.04 LTS
  erlang                          1:25.3.2.8+dfsg-1ubuntu4.2
  erlang-ssh                      1:25.3.2.8+dfsg-1ubuntu4.2

Ubuntu 22.04 LTS
  erlang                          1:24.2.1+dfsg-1ubuntu0.3
  erlang-ssh                      1:24.2.1+dfsg-1ubuntu0.3

Ubuntu 20.04 LTS
  erlang                          1:22.2.7+dfsg-1ubuntu0.4
  erlang-ssh                      1:22.2.7+dfsg-1ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7425-1
  CVE-2025-30211

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.12+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.2
https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.3
https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.4
