Security update for erlang SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0661-1 Final 1 1 2026-02-26T15:10:09Z current 2026-02-26T15:10:09Z 2026-02-26T15:10:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for erlang This update for erlang fixes the following issues: - CVE-2025-48039:Fixed an excessive use of system resources. (bsc#1249469) - CVE-2025-48038:Fixed an excessive use of system resources. (bsc#1249470) - CVE-2025-48040:Fixed an excessive resource consumption. (bsc#1249472) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-661,SUSE-SLE-Module-Server-Applications-15-SP7-2026-661,openSUSE-SLE-15.6-2026-661 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260661-1/ Link for SUSE-SU-2026:0661-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024449.html E-Mail link for SUSE-SU-2026:0661-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1249469 SUSE Bug 1249469 https://bugzilla.suse.com/1249470 SUSE Bug 1249470 https://bugzilla.suse.com/1249472 SUSE Bug 1249472 https://www.suse.com/security/cve/CVE-2025-48038/ SUSE CVE CVE-2025-48038 page https://www.suse.com/security/cve/CVE-2025-48039/ SUSE CVE CVE-2025-48039 page https://www.suse.com/security/cve/CVE-2025-48040/ SUSE CVE CVE-2025-48040 page SUSE Linux Enterprise Module for Server Applications 15 SP7 openSUSE Leap 15.6 erlang-23.3.4.19-150300.3.29.1 erlang-debugger-23.3.4.19-150300.3.29.1 erlang-debugger-src-23.3.4.19-150300.3.29.1 erlang-dialyzer-23.3.4.19-150300.3.29.1 erlang-dialyzer-src-23.3.4.19-150300.3.29.1 erlang-diameter-23.3.4.19-150300.3.29.1 erlang-diameter-src-23.3.4.19-150300.3.29.1 erlang-doc-23.3.4.19-150300.3.29.1 erlang-epmd-23.3.4.19-150300.3.29.1 erlang-et-23.3.4.19-150300.3.29.1 erlang-et-src-23.3.4.19-150300.3.29.1 erlang-jinterface-23.3.4.19-150300.3.29.1 erlang-jinterface-src-23.3.4.19-150300.3.29.1 erlang-observer-23.3.4.19-150300.3.29.1 erlang-observer-src-23.3.4.19-150300.3.29.1 erlang-reltool-23.3.4.19-150300.3.29.1 erlang-reltool-src-23.3.4.19-150300.3.29.1 erlang-src-23.3.4.19-150300.3.29.1 erlang-wx-23.3.4.19-150300.3.29.1 erlang-wx-src-23.3.4.19-150300.3.29.1 erlang-23.3.4.19-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 erlang-epmd-23.3.4.19-150300.3.29.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 erlang-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-debugger-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-debugger-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-dialyzer-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-dialyzer-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-diameter-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-diameter-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-doc-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-epmd-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-et-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-et-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-jinterface-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-jinterface-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-observer-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-observer-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-reltool-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-reltool-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-wx-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 erlang-wx-src-23.3.4.19-150300.3.29.1 as a component of openSUSE Leap 15.6 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. CVE-2025-48038 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-23.3.4.19-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-doc-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-src-23.3.4.19-150300.3.29.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260661-1/ https://www.suse.com/security/cve/CVE-2025-48038.html CVE-2025-48038 https://bugzilla.suse.com/1249470 SUSE Bug 1249470 Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. CVE-2025-48039 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-23.3.4.19-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-doc-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-src-23.3.4.19-150300.3.29.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260661-1/ https://www.suse.com/security/cve/CVE-2025-48039.html CVE-2025-48039 https://bugzilla.suse.com/1249469 SUSE Bug 1249469 Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2.5.15 corresponding to ssh from 3.0.1 until 5.3.3, 5.2.11.3 and 5.1.4.12. CVE-2025-48040 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-23.3.4.19-150300.3.29.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-debugger-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-dialyzer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-diameter-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-doc-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-epmd-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-et-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-jinterface-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-observer-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-reltool-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-src-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-23.3.4.19-150300.3.29.1 openSUSE Leap 15.6:erlang-wx-src-23.3.4.19-150300.3.29.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260661-1/ https://www.suse.com/security/cve/CVE-2025-48040.html CVE-2025-48040 https://bugzilla.suse.com/1249472 SUSE Bug 1249472