Erlang/OTP 25.3.2.19

This release of Erlang/OTP can be built from source or installed using pre-built packages for your OS or third-party tools (such as kerl, asdf or mise).

docker run -it erlang:25.3.2.19
Erlang/OTP 25.3.2.19
View on github.com
Patch Package OTP 25.3.2.19
Git Tag OTP-25.3.2.19
Date 2025-03-28
Issue Id
CVE-2025-30211
ERIERL-1195
System OTP
Release 25
Application

erts-13.2.2.15 #

Note! The erts-13.2.2.15 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependencies have to be satisfied: -- kernel-8.5 (first satisfied in OTP 25.1) -- stdlib-4.1 (first satisfied in OTP 25.1)

OTP-19527
Application(s):
erts
Related Id(s):
PR-9577

Trace messages due to receive tracing could potentially be delayed a very long time if the traced process waited in a receive expression without clauses matching on messages (timed wait), or just did not enter a receive expression for a very long time.

Full runtime dependencies of erts-13.2.2.15: kernel-8.5, sasl-3.3, stdlib-4.1

kernel-8.5.4.5 #

Note! The kernel-8.5.4.5 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation. On a full OTP 25 installation, also the following runtime dependencies have to be satisfied: -- erts-13.1.3 (first satisfied in OTP 25.2) -- stdlib-4.1.1 (first satisfied in OTP 25.1.1)

OTP-19545
Application(s):
kernel
Related Id(s):
PR-9587 , OTP-19544

An infinite loop in CNAME loop detection that can cause Out Of Memory has been fixed. This affected CNAME lookup with the internal DNS resolver.

Full runtime dependencies of kernel-8.5.4.5: crypto-5.0, erts-13.1.3, sasl-3.0, stdlib-4.1.1

mnesia-4.21.4.4 #

The mnesia-4.21.4.4 application can be applied independently of other applications on a full OTP 25 installation.

OTP-19501
Application(s):
mnesia
Related Id(s):
ERIERL-1195 , PR-9499

Mnesia could fail to load a table, if one of the copy holders was moved during startup.

Full runtime dependencies of mnesia-4.21.4.4: erts-9.0, kernel-5.3, stdlib-3.4

ssh-4.15.3.11 #

The ssh-4.15.3.11 application can be applied independently of other applications on a full OTP 25 installation.

OTP-19543
Application(s):
ssh
Related Id(s):
CVE-2025-30211

Reception of malicious KEX init message does not result with ssh daemon excessive memory usage.

OTP-19559
Application(s):
ssh
Related Id(s):
GH-9554 , PR-9545

Call to ssh:daemon_replace_options does not crash when argument is not a valid daemon ref.

Full runtime dependencies of ssh-4.15.3.11: crypto-5.0, erts-11.0, kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15

Thanks To #

Alexandre Rodrigues, Sergei Shuvatov