USN-7831-1: Erlang vulnerabilities

Publication date: 21 October 2025
Overview: Several security issues were fixed in Erlang.

Packages
erlang - Concurrent, real-time, distributed functional language

Details
It was discovered that Erlang incorrectly handled resource allocation and
consumption in the SFTP SSH module. An attacker could possibly use this
issue cause Erlang to consume excessive resources, leading to a denial of
service.

Update instructions
The problem can be corrected by updating your system to the following package versions:

25.10 questing

• erlang – 1:27.3.4.1+dfsg-1ubuntu0.1
• erlang-ssh – 1:27.3.4.1+dfsg-1ubuntu0.1
  25.04 plucky
• erlang – 1:27.3+dfsg-1ubuntu1.3
• erlang-ssh – 1:27.3+dfsg-1ubuntu1.3
  c noble
• erlang – 1:25.3.2.8+dfsg-1ubuntu4.5
• erlang-ssh – 1:25.3.2.8+dfsg-1ubuntu4.5
  22.04 LTS jammy
• erlang – 1:24.2.1+dfsg-1ubuntu0.6
• erlang-ssh – 1:24.2.1+dfsg-1ubuntu0.6
  20.04 LTS focal
• erlang – 1:22.2.7+dfsg-1ubuntu0.5+esm1
• erlang-ssh – 1:22.2.7+dfsg-1ubuntu0.5+esm1
  18.04 LTS bionic
• erlang – 1:20.2.2+dfsg-1ubuntu2+esm2
• erlang-ssh – 1:20.2.2+dfsg-1ubuntu2+esm2
  16.04 LTS xenial
• erlang – 1:18.3-dfsg-1ubuntu3.1+esm2
• erlang-ssh – 1:18.3-dfsg-1ubuntu3.1+esm2
  14.04 LTS trusty
• erlang – 1:16.b.3-dfsg-1ubuntu2.2+esm1
• erlang-ssh – 1:16.b.3-dfsg-1ubuntu2.2+esm1