ELA-1405-1 erlang security update

remote code execution

2025-04-23
Packageerlang
Version19.2.1+dfsg-2+really23.3.4.18-0+deb9u4 (stretch), 1:22.2.7+dfsg-1+deb10u3 (buster)
Related CVEs CVE-2025-32433


A remote code execution vulnerability was discovered in the Erlang/OTP implementation of the SSH protocol.



For Debian 10 buster, these problems have been fixed in version 1:22.2.7+dfsg-1+deb10u3.

For Debian 9 stretch, these problems have been fixed in version 19.2.1+dfsg-2+really23.3.4.18-0+deb9u4.

We recommend that you upgrade your erlang packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.