Patch Package: OTP 25.3.2.19
Git Tag: OTP-25.3.2.19
Date: 2025-03-28
Trouble Report Id: OTP-19501, OTP-19527, OTP-19543, OTP-19545,
OTP-19559
Seq num: CVE-2025-30211, ERIERL-1195, GH-9554,
OTP-19544, PR-9499, PR-9545, PR-9577, PR-9587
System: OTP
Release: 25
Application: erts-13.2.2.15, kernel-8.5.4.5,
mnesia-4.21.4.4, ssh-4.15.3.11
Predecessor: OTP 25.3.2.18
Check out the git tag OTP-25.3.2.19, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- erts-13.2.2.15 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.2.2.15 application *cannot* be applied
independently of other applications on an arbitrary OTP 25
installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-19527 Application(s): erts
Related Id(s): PR-9577
Trace messages due to receive tracing could potentially
be delayed a very long time if the traced process
waited in a receive expression without clauses matching
on messages (timed wait), or just did not enter a
receive expression for a very long time.
Full runtime dependencies of erts-13.2.2.15: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- kernel-8.5.4.5 --------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-8.5.4.5 application *cannot* be applied
independently of other applications on an arbitrary OTP 25
installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- erts-13.1.3 (first satisfied in OTP 25.2)
-- stdlib-4.1.1 (first satisfied in OTP 25.1.1)
--- Fixed Bugs and Malfunctions ---
OTP-19545 Application(s): kernel
Related Id(s): PR-9587, OTP-19544
An infinite loop in CNAME loop detection that can cause
Out Of Memory has been fixed. This affected CNAME
lookup with the internal DNS resolver.
Full runtime dependencies of kernel-8.5.4.5: crypto-5.0, erts-13.1.3,
sasl-3.0, stdlib-4.1.1
---------------------------------------------------------------------
--- mnesia-4.21.4.4 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.21.4.4 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19501 Application(s): mnesia
Related Id(s): ERIERL-1195, PR-9499
Mnesia could fail to load a table, if one of the copy
holders was moved during startup.
Full runtime dependencies of mnesia-4.21.4.4: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- ssh-4.15.3.11 ---------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15.3.11 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19543 Application(s): ssh
Related Id(s): CVE-2025-30211
Reception of malicious KEX init message does not result
with ssh daemon excessive memory usage.
OTP-19559 Application(s): ssh
Related Id(s): GH-9554, PR-9545
Call to ssh:daemon_replace_options does not crash when
argument is not a valid daemon ref.
Full runtime dependencies of ssh-4.15.3.11: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Alexandre Rodrigues, Sergei Shuvatov
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------