摘要:
erlang security update
安全等级: High
公告ID: KylinSec-SA-2025-2491
发布日期: 2025年6月5日
关联CVE: CVE-2025-30211
Erlang是一种通用编程语言和运行时环境,内置对并发、分布式计算和容错机制的支持。该语言由爱立信开发,广泛应用于电信领域的大型系统,其特点包括轻量级进程、消息传递通信模型以及热代码升级能力。
安全修复:
Erlang/OTP是Erlang语言的配套库集合。在OTP-27.3.1、26.2.5.10和25.3.2.19版本之前,处理恶意构造的KEX初始化消息时存在内存管理缺陷。由于未对算法名称长度实施RFC标准限制(64字符),过大的KEX初始化数据包会导致错误数据处理效率低下,进而触发大量内存分配。受影响版本可通过升级至OTP-27.3.1、OTP-26.2.5.10或OTP-25.3.2.19修复。临时缓解措施包括:将parallel_login设为false和/或减少max_sessions参数值。
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-30211 | KY3.4-5A | erlang | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| erlang | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-asn1 | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-common_test | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-compiler | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-crypto | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-dialyzer | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-diameter | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-edoc | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-eldap | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erl_docgen | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erl_interface | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erts | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-et | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-eunit | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-examples | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ftp | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-hipe | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-inets | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-jinterface | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-kernel | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-megaco | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-mnesia | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-observer | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-odbc | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-os_mon | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-otp_mibs | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-parsetools | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-public_key | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-reltool | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-runtime_tools | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-sasl | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-snmp | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ssh | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ssl | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-stdlib | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-syntax_tools | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-tftp | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-tools | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-wx | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang-xmerl | x86_64 | 21.3.3-7.kb1.ky3_4 |
| erlang | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-asn1 | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-common_test | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-compiler | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-crypto | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-dialyzer | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-diameter | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-edoc | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-eldap | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erl_docgen | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erl_interface | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-erts | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-et | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-eunit | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-examples | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ftp | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-hipe | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-inets | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-jinterface | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-kernel | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-megaco | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-mnesia | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-observer | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-odbc | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-os_mon | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-otp_mibs | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-parsetools | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-public_key | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-reltool | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-runtime_tools | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-sasl | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-snmp | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ssh | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-ssl | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-stdlib | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-syntax_tools | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-tftp | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-tools | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-wx | aarch64 | 21.3.3-7.kb1.ky3_4 |
| erlang-xmerl | aarch64 | 21.3.3-7.kb1.ky3_4 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
