操作系统--麒麟信安操作系统,国产操作系统,麒麟信安云桌面—

公告ID (KylinSec-SA-2025-1642)

摘要:

erlang security update

安全等级: Medium

公告ID: KylinSec-SA-2025-1642

发布日期: 2025年3月18日

关联CVE: CVE-2025-26618

详细介绍

1. 漏洞描述

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson.

Security Fix(es):

Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availability. OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang. Packet size is not verified properly for SFTP packets. As a result when multiple SSH packets (conforming to max SSH packet size) are received by ssh, they might be combined into an SFTP packet which will exceed the max allowed packet size and potentially cause large amount of memory to be allocated. Note that situation described above can only happen for successfully authenticated users after completing the SSH handshake. This issue has been patched in OTP versions 27.2.4, 26.2.5.9, and 25.3.2.18. There are no known workarounds for this vulnerability.(CVE-2025-26618)

2. 影响范围

cve名称	产品	组件	是否受影响
CVE-2025-26618	KY3.4-5A	erlang	Fixed
CVE-2025-26618	V6	erlang	Fixed

3. 影响组件

erlang

4. 修复版本

KY3.4-5A

软件名称	架构	版本号
erlang	x86_64	21.3.3-5.kb1.ky3_4
erlang-asn1	x86_64	21.3.3-5.kb1.ky3_4
erlang-common_test	x86_64	21.3.3-5.kb1.ky3_4
erlang-compiler	x86_64	21.3.3-5.kb1.ky3_4
erlang-crypto	x86_64	21.3.3-5.kb1.ky3_4
erlang-dialyzer	x86_64	21.3.3-5.kb1.ky3_4
erlang-diameter	x86_64	21.3.3-5.kb1.ky3_4
erlang-edoc	x86_64	21.3.3-5.kb1.ky3_4
erlang-eldap	x86_64	21.3.3-5.kb1.ky3_4
erlang-erl_docgen	x86_64	21.3.3-5.kb1.ky3_4
erlang-erl_interface	x86_64	21.3.3-5.kb1.ky3_4
erlang-erts	x86_64	21.3.3-5.kb1.ky3_4
erlang-et	x86_64	21.3.3-5.kb1.ky3_4
erlang-eunit	x86_64	21.3.3-5.kb1.ky3_4
erlang-examples	x86_64	21.3.3-5.kb1.ky3_4
erlang-ftp	x86_64	21.3.3-5.kb1.ky3_4
erlang-hipe	x86_64	21.3.3-5.kb1.ky3_4
erlang-inets	x86_64	21.3.3-5.kb1.ky3_4
erlang-jinterface	x86_64	21.3.3-5.kb1.ky3_4
erlang-kernel	x86_64	21.3.3-5.kb1.ky3_4
erlang-megaco	x86_64	21.3.3-5.kb1.ky3_4
erlang-mnesia	x86_64	21.3.3-5.kb1.ky3_4
erlang-observer	x86_64	21.3.3-5.kb1.ky3_4
erlang-odbc	x86_64	21.3.3-5.kb1.ky3_4
erlang-os_mon	x86_64	21.3.3-5.kb1.ky3_4
erlang-otp_mibs	x86_64	21.3.3-5.kb1.ky3_4
erlang-parsetools	x86_64	21.3.3-5.kb1.ky3_4
erlang-public_key	x86_64	21.3.3-5.kb1.ky3_4
erlang-reltool	x86_64	21.3.3-5.kb1.ky3_4
erlang-runtime_tools	x86_64	21.3.3-5.kb1.ky3_4
erlang-sasl	x86_64	21.3.3-5.kb1.ky3_4
erlang-snmp	x86_64	21.3.3-5.kb1.ky3_4
erlang-ssh	x86_64	21.3.3-5.kb1.ky3_4
erlang-ssl	x86_64	21.3.3-5.kb1.ky3_4
erlang-stdlib	x86_64	21.3.3-5.kb1.ky3_4
erlang-syntax_tools	x86_64	21.3.3-5.kb1.ky3_4
erlang-tftp	x86_64	21.3.3-5.kb1.ky3_4
erlang-tools	x86_64	21.3.3-5.kb1.ky3_4
erlang-wx	x86_64	21.3.3-5.kb1.ky3_4
erlang-xmerl	x86_64	21.3.3-5.kb1.ky3_4
erlang	aarch64	21.3.3-5.kb1.ky3_4
erlang-asn1	aarch64	21.3.3-5.kb1.ky3_4
erlang-common_test	aarch64	21.3.3-5.kb1.ky3_4
erlang-compiler	aarch64	21.3.3-5.kb1.ky3_4
erlang-crypto	aarch64	21.3.3-5.kb1.ky3_4
erlang-dialyzer	aarch64	21.3.3-5.kb1.ky3_4
erlang-diameter	aarch64	21.3.3-5.kb1.ky3_4
erlang-edoc	aarch64	21.3.3-5.kb1.ky3_4
erlang-eldap	aarch64	21.3.3-5.kb1.ky3_4
erlang-erl_docgen	aarch64	21.3.3-5.kb1.ky3_4
erlang-erl_interface	aarch64	21.3.3-5.kb1.ky3_4
erlang-erts	aarch64	21.3.3-5.kb1.ky3_4
erlang-et	aarch64	21.3.3-5.kb1.ky3_4
erlang-eunit	aarch64	21.3.3-5.kb1.ky3_4
erlang-examples	aarch64	21.3.3-5.kb1.ky3_4
erlang-ftp	aarch64	21.3.3-5.kb1.ky3_4
erlang-hipe	aarch64	21.3.3-5.kb1.ky3_4
erlang-inets	aarch64	21.3.3-5.kb1.ky3_4
erlang-jinterface	aarch64	21.3.3-5.kb1.ky3_4
erlang-kernel	aarch64	21.3.3-5.kb1.ky3_4
erlang-megaco	aarch64	21.3.3-5.kb1.ky3_4
erlang-mnesia	aarch64	21.3.3-5.kb1.ky3_4
erlang-observer	aarch64	21.3.3-5.kb1.ky3_4
erlang-odbc	aarch64	21.3.3-5.kb1.ky3_4
erlang-os_mon	aarch64	21.3.3-5.kb1.ky3_4
erlang-otp_mibs	aarch64	21.3.3-5.kb1.ky3_4
erlang-parsetools	aarch64	21.3.3-5.kb1.ky3_4
erlang-public_key	aarch64	21.3.3-5.kb1.ky3_4
erlang-reltool	aarch64	21.3.3-5.kb1.ky3_4
erlang-runtime_tools	aarch64	21.3.3-5.kb1.ky3_4
erlang-sasl	aarch64	21.3.3-5.kb1.ky3_4
erlang-snmp	aarch64	21.3.3-5.kb1.ky3_4
erlang-ssh	aarch64	21.3.3-5.kb1.ky3_4
erlang-ssl	aarch64	21.3.3-5.kb1.ky3_4
erlang-stdlib	aarch64	21.3.3-5.kb1.ky3_4
erlang-syntax_tools	aarch64	21.3.3-5.kb1.ky3_4
erlang-tftp	aarch64	21.3.3-5.kb1.ky3_4
erlang-tools	aarch64	21.3.3-5.kb1.ky3_4
erlang-wx	aarch64	21.3.3-5.kb1.ky3_4
erlang-xmerl	aarch64	21.3.3-5.kb1.ky3_4

V6

软件名称	架构	版本号
erlang	x86_64	25.3.2.6-4.ks6
erlang-asn1	x86_64	25.3.2.6-4.ks6
erlang-common_test	x86_64	25.3.2.6-4.ks6
erlang-compiler	x86_64	25.3.2.6-4.ks6
erlang-crypto	x86_64	25.3.2.6-4.ks6
erlang-dialyzer	x86_64	25.3.2.6-4.ks6
erlang-diameter	x86_64	25.3.2.6-4.ks6
erlang-edoc	x86_64	25.3.2.6-4.ks6
erlang-eldap	x86_64	25.3.2.6-4.ks6
erlang-erl_docgen	x86_64	25.3.2.6-4.ks6
erlang-erl_interface	x86_64	25.3.2.6-4.ks6
erlang-erts	x86_64	25.3.2.6-4.ks6
erlang-et	x86_64	25.3.2.6-4.ks6
erlang-eunit	x86_64	25.3.2.6-4.ks6
erlang-examples	x86_64	25.3.2.6-4.ks6
erlang-ftp	x86_64	25.3.2.6-4.ks6
erlang-inets	x86_64	25.3.2.6-4.ks6
erlang-jinterface	x86_64	25.3.2.6-4.ks6
erlang-kernel	x86_64	25.3.2.6-4.ks6
erlang-megaco	x86_64	25.3.2.6-4.ks6
erlang-mnesia	x86_64	25.3.2.6-4.ks6
erlang-observer	x86_64	25.3.2.6-4.ks6
erlang-odbc	x86_64	25.3.2.6-4.ks6
erlang-os_mon	x86_64	25.3.2.6-4.ks6
erlang-parsetools	x86_64	25.3.2.6-4.ks6
erlang-public_key	x86_64	25.3.2.6-4.ks6
erlang-reltool	x86_64	25.3.2.6-4.ks6
erlang-runtime_tools	x86_64	25.3.2.6-4.ks6
erlang-sasl	x86_64	25.3.2.6-4.ks6
erlang-snmp	x86_64	25.3.2.6-4.ks6
erlang-src	x86_64	25.3.2.6-4.ks6
erlang-ssh	x86_64	25.3.2.6-4.ks6
erlang-ssl	x86_64	25.3.2.6-4.ks6
erlang-stdlib	x86_64	25.3.2.6-4.ks6
erlang-syntax_tools	x86_64	25.3.2.6-4.ks6
erlang-tftp	x86_64	25.3.2.6-4.ks6
erlang-tools	x86_64	25.3.2.6-4.ks6
erlang-wx	x86_64	25.3.2.6-4.ks6
erlang-xmerl	x86_64	25.3.2.6-4.ks6
erlang	aarch64	25.3.2.6-4.ks6
erlang-asn1	aarch64	25.3.2.6-4.ks6
erlang-common_test	aarch64	25.3.2.6-4.ks6
erlang-compiler	aarch64	25.3.2.6-4.ks6
erlang-crypto	aarch64	25.3.2.6-4.ks6
erlang-dialyzer	aarch64	25.3.2.6-4.ks6
erlang-diameter	aarch64	25.3.2.6-4.ks6
erlang-edoc	aarch64	25.3.2.6-4.ks6
erlang-eldap	aarch64	25.3.2.6-4.ks6
erlang-erl_docgen	aarch64	25.3.2.6-4.ks6
erlang-erl_interface	aarch64	25.3.2.6-4.ks6
erlang-erts	aarch64	25.3.2.6-4.ks6
erlang-et	aarch64	25.3.2.6-4.ks6
erlang-eunit	aarch64	25.3.2.6-4.ks6
erlang-examples	aarch64	25.3.2.6-4.ks6
erlang-ftp	aarch64	25.3.2.6-4.ks6
erlang-inets	aarch64	25.3.2.6-4.ks6
erlang-jinterface	aarch64	25.3.2.6-4.ks6
erlang-kernel	aarch64	25.3.2.6-4.ks6
erlang-megaco	aarch64	25.3.2.6-4.ks6
erlang-mnesia	aarch64	25.3.2.6-4.ks6
erlang-observer	aarch64	25.3.2.6-4.ks6
erlang-odbc	aarch64	25.3.2.6-4.ks6
erlang-os_mon	aarch64	25.3.2.6-4.ks6
erlang-parsetools	aarch64	25.3.2.6-4.ks6
erlang-public_key	aarch64	25.3.2.6-4.ks6
erlang-reltool	aarch64	25.3.2.6-4.ks6
erlang-runtime_tools	aarch64	25.3.2.6-4.ks6
erlang-sasl	aarch64	25.3.2.6-4.ks6
erlang-snmp	aarch64	25.3.2.6-4.ks6
erlang-src	aarch64	25.3.2.6-4.ks6
erlang-ssh	aarch64	25.3.2.6-4.ks6
erlang-ssl	aarch64	25.3.2.6-4.ks6
erlang-stdlib	aarch64	25.3.2.6-4.ks6
erlang-syntax_tools	aarch64	25.3.2.6-4.ks6
erlang-tftp	aarch64	25.3.2.6-4.ks6
erlang-tools	aarch64	25.3.2.6-4.ks6
erlang-wx	aarch64	25.3.2.6-4.ks6
erlang-xmerl	aarch64	25.3.2.6-4.ks6

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

操作系统+

1. 漏洞描述

2. 影响范围

3. 影响组件

4. 修复版本

KY3.4-5A

V6

5. 修复方法

6. 下载链接

KY3.4-5A:

x86_64:

aarch64:

V6:

x86_64:

aarch64:

产品中心

解决方案

技术支持

生态与合作

分支机构