Patch Package:           OTP 26.2.5.9
Git Tag:                 OTP-26.2.5.9
Date:                    2025-02-20
Trouble Report Id:       OTP-19466, OTP-19495
Seq num:                 CVE-2025-26618, ERIERL-1173, GH-8208, PR-8209
System:                  OTP
Release:                 26
Application:             erts-14.2.5.8, ssh-5.1.4.6
Predecessor:             OTP 26.2.5.8

 Check out the git tag OTP-26.2.5.9, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- erts-14.2.5.8 ---------------------------------------------------
 ---------------------------------------------------------------------

 The erts-14.2.5.8 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19495    Application(s): erts
               Related Id(s): GH-8208, PR-8209

               Fixed BEAM crash when a custom thread sends a large map
               (>128 keys) externally encoded with for example
               erl_drv_send_term().


 Full runtime dependencies of erts-14.2.5.8: kernel-9.0, sasl-3.3,
 stdlib-4.1


 ---------------------------------------------------------------------
 --- ssh-5.1.4.6 -----------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-5.1.4.6 application can be applied independently of other
 applications on a full OTP 26 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-19466    Application(s): ssh
               Related Id(s): ERIERL-1173, CVE-2025-26618

               SFTP packets exceeding max packet size are not
               processed and dropped.


 Full runtime dependencies of ssh-5.1.4.6: crypto-5.0, erts-14.0,
 kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
 stdlib-5.0


 ---------------------------------------------------------------------
 --- Thanks to -------------------------------------------------------
 ---------------------------------------------------------------------

 Simon Cornish


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------