Erlang packages have received critical updates for Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm) to address vulnerabilities in the Erlang/OTP SSH implementation. Two security advisories, DSA-5906-1 and DLA-4132-1, have been issued detailing these updates.
Debian Security Advisory DSA-5906-1 (dated April 20, 2025) addresses vulnerabilities in the SSH implementation of Erlang/OTP, potentially leading to denial of service or arbitrary code execution. The affected version for the stable distribution (Bookworm) is updated to 1:25.2.3+dfsg-1+deb12u1. Users are encouraged to upgrade their Erlang packages to maintain security.
Debian LTS Advisory DLA-4132-1 (dated April 21, 2025) similarly highlights multiple vulnerabilities affecting the Bullseye version of Erlang (1:23.2.6+dfsg-1+deb11u2). The advisories identify several CVEs, including:
- CVE-2023-48795: The "Terrapin attack", which can allow attackers to bypass integrity checks, leading to downgraded security features in SSH connections.
- CVE-2025-26618, CVE-2025-30211: Similar vulnerabilities related to integrity check bypasses.
- CVE-2025-32433: A critical flaw that may enable unauthenticated remote code execution (RCE), allowing attackers to execute arbitrary commands without authorization.
Both advisories stress the importance of upgrading Erlang packages to safeguard systems against these vulnerabilities. Users can find detailed security status and further information on how to apply these updates through the provided links to the Debian security tracker and advisory pages.
Beyond these two advisories, it is essential for users and system administrators to regularly monitor security advisories and apply updates promptly to mitigate the risks associated with software vulnerabilities. Understanding the nature of these vulnerabilities, particularly in widely used protocols like SSH, helps in implementing security best practices such as strict access controls and network monitoring to detect unusual activity.
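To check whether the Erlang packages on a host still predate the fixed versions named in the two advisories, here is an added example (not code from Debian or from the advisories): a Python port of dpkg's version-ordering rules plus a lookup of the fixed versions quoted above. It assumes the installed version string has already been collected, for instance with `dpkg-query -W -f='${Version}' erlang-base`, so that the comparison can run offline against inventory data from many hosts.

```python
import re
from itertools import zip_longest
# Fixed Erlang versions named in DSA-5906-1 and DLA-4132-1 (values taken from the advisories).
FIXED = {
    "bookworm": "1:25.2.3+dfsg-1+deb12u1",
    "bullseye": "1:23.2.6+dfsg-1+deb11u2",
}

def _split(version):
    """Split 'epoch:upstream-revision' the way dpkg does (epoch defaults to 0)."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def _order(c):
    """dpkg character weight: '~' < end of string < letters < everything else."""
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare one version fragment (upstream or revision); negative, zero or positive."""
    while a or b:
        # Non-digit runs are compared character by character using _order().
        ma, mb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for x, y in zip_longest(ma, mb, fillvalue=""):
            if (d := _order(x) - _order(y)):
                return d
        a, b = a[len(ma):], b[len(mb):]
        # Digit runs are compared numerically, so "deb12u10" sorts after "deb12u9".
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if (d := int(da or 0) - int(db or 0)):
            return d
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_version_lt(a, b):
    """True if Debian version string a sorts before b under dpkg's rules."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return ea < eb
    return (_cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)) < 0

def erlang_vulnerable(codename, installed):
    """True when the installed erlang version on this Debian release predates the fix."""
    return deb_version_lt(installed, FIXED[codename])
```

For a single host, `dpkg --compare-versions "$installed" lt "$fixed"` gives the same answer; the Python port is useful when the version strings come from an inventory system rather than the host itself.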
Erlang updates for Debian 11 LTS and 12
Updated Erlang packages have been released for Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm) to update the implementation of the SSH protocol, which has been found to contain multiple vulnerabilities:
[SECURITY] [DSA 5906-1] erlang security update
[SECURITY] [DLA 4132-1] erlang security update