Patch Package: OTP 26.2.5.13
Git Tag: OTP-26.2.5.13
Date: 2025-06-16
Trouble Report Id: OTP-19634, OTP-19637, OTP-19638, OTP-19649,
OTP-19653, OTP-19667
Seq num: CVE-2025-4748, GH-6463, GH-9102, GH-9771,
GH-9841, PR-9103, PR-9838, PR-9846, PR-9898,
PR-9912, PR-9941
System: OTP
Release: 26
Application: asn1-5.2.2.1, kernel-9.2.4.9, ssh-5.1.4.10,
stdlib-5.2.3.4
Predecessor: OTP 26.2.5.12
Check out the git tag OTP-26.2.5.13, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- asn1-5.2.2.1 ----------------------------------------------------
---------------------------------------------------------------------
The asn1-5.2.2.1 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19638 Application(s): asn1
Related Id(s): GH-9841, PR-9846
The ASN.1 compiler could generate code that would cause
Dialyzer with the unmatched_returns option to emit
warnings.
Full runtime dependencies of asn1-5.2.2.1: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- kernel-9.2.4.9 --------------------------------------------------
---------------------------------------------------------------------
The kernel-9.2.4.9 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19667 Application(s): kernel, stdlib
Related Id(s): PR-9912
A remote shell can now exit by closing the input
stream, without terminating the remote node.
Full runtime dependencies of kernel-9.2.4.9: crypto-5.0, erts-14.0,
sasl-3.0, stdlib-5.0
---------------------------------------------------------------------
--- ssh-5.1.4.10 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-5.1.4.10 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19634 Application(s): ssh
Related Id(s): GH-9102, PR-9103
Various channel closing robustness improvements. Avoid
crashes when channel handling process closes channel
and immediately exits. Avoid breaking the protocol by
sending duplicated channel-close messages. Cleanup
channels which timeout during closing procedure.
OTP-19637 Application(s): ssh
Related Id(s): GH-6463, PR-9838
Improved interoperability with clients acting as
Paramiko.
Full runtime dependencies of ssh-5.1.4.10: crypto-5.0, erts-14.0,
kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-5.0,
stdlib-5.0
---------------------------------------------------------------------
--- stdlib-5.2.3.4 --------------------------------------------------
---------------------------------------------------------------------
The stdlib-5.2.3.4 application can be applied independently of other
applications on a full OTP 26 installation.
--- Fixed Bugs and Malfunctions ---
OTP-19649 Application(s): stdlib
Related Id(s): GH-9771, PR-9898
It's now possible to write lists:map(fun is_atom/1, [])
or lists:map(fun my_func/1, []), in the shell, instead
of lists:map(fun erlang:is_atom/1, []) or lists:map(fun
shell_default:my_func/1, []).
OTP-19653 Application(s): stdlib
Related Id(s): PR-9941, CVE-2025-4748
Properly strip the leading / and drive letter from
filepaths when zipping and unzipping archives.
Thanks to Wander Nauta for finding and responsibly
disclosing this vulnerability to the Erlang/OTP
project.
OTP-19667 Application(s): kernel, stdlib
Related Id(s): PR-9912
A remote shell can now exit by closing the input
stream, without terminating the remote node.
Full runtime dependencies of stdlib-5.2.3.4: compiler-5.0,
crypto-4.5, erts-13.1, kernel-9.0, sasl-3.0
---------------------------------------------------------------------
--- Thanks to -------------------------------------------------------
---------------------------------------------------------------------
Yaroslav Maslennikov
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
1 Like