Patch Package OTP 27.3.3 Released

Patch Package:           OTP 27.3.3
Git Tag:                 OTP-27.3.3
Date:                    2025-04-16
Trouble Report Id:       OTP-19581, OTP-19582, OTP-19585, OTP-19592,
                         OTP-19595
Seq num:                 CVE-2025-32433, ERIERL-1219, ERIERL-1222,
                         PR-9566, PR-9679, PR-9706
System:                  OTP
Release:                 27
Application:             erts-15.2.6, kernel-10.2.6, megaco-4.7.2,
                         ssh-5.2.10, ssl-11.2.12
Predecessor:             OTP 27.3.2

Check out the git tag OTP-27.3.3, and build a full OTP system including
documentation. Apply one or more applications from this build as patches to your
installation using the 'otp_patch_apply' tool. For information on install
requirements, see descriptions for each application version below.

# erts-15.2.6

The erts-15.2.6 application can be applied independently of other applications
on a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Fixed a bug in `call_memory` tracing that could cause wildly incorrect reported
  memory values. The bug has existed since OTP 27.1.

  Also fixed the return type spec of `trace:info/3`.

  Own Id: OTP-19581
  Related Id(s): ERIERL-1219, PR-9706

> #### Full runtime dependencies of erts-15.2.6
>
> kernel-9.0, sasl-3.3, stdlib-4.1

# kernel-10.2.6

Note! The kernel-10.2.6 application _cannot_ be applied independently of other
applications on an arbitrary OTP 27 installation.

       On a full OTP 27 installation, the following runtime
       dependency must also be satisfied:
       -- erts-15.2.5 (first satisfied in OTP 27.3.2)

## Fixed Bugs and Malfunctions

- Fixed a bug in `call_memory` tracing that could cause wildly incorrect reported
  memory values. The bug has existed since OTP 27.1.

  Also fixed the return type spec of `trace:info/3`.

  Own Id: OTP-19581
  Related Id(s): ERIERL-1219, PR-9706

> #### Full runtime dependencies of kernel-10.2.6
>
> crypto-5.0, erts-15.2.5, sasl-3.0, stdlib-6.0

# megaco-4.7.2

The megaco-4.7.2 application can be applied independently of other applications
on a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Corrected type spec for type mid().

  Own Id: OTP-19585
  Related Id(s): ERIERL-1222

> #### Full runtime dependencies of megaco-4.7.2
>
> asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14,
> stdlib-2.5

# ssh-5.2.10

The ssh-5.2.10 application can be applied independently of other applications on
a full OTP 27 installation.

## Fixed Bugs and Malfunctions

- Reception of invalid Unicode no longer causes unnecessary processing. US-ASCII
  fields are not decoded as Unicode.

  Own Id: OTP-19582
  Related Id(s): PR-9679

- The SSH daemon now disconnects upon receiving a connection protocol message
  for an unauthenticated user.

  Thanks to Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, Nurullah Erinola,
  Jörg Schwenk (Ruhr University Bochum).

  Own Id: OTP-19595
  Related Id(s): CVE-2025-32433

> #### Full runtime dependencies of ssh-5.2.10
>
> crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1,
> stdlib-5.0, stdlib-6.0

# ssl-11.2.12

Note! The ssl-11.2.12 application _cannot_ be applied independently of other
applications on an arbitrary OTP 27 installation.

       On a full OTP 27 installation, the following runtime
       dependency must also be satisfied:
       -- public_key-1.16.4 (first satisfied in OTP 27.1.3)

## Improvements and New Features

- Lower log level for user cancelation as this is not an error case. Also handle
  possible undecrypted close alert during TLS-1.3 handshake.

  Own Id: OTP-19592
  Related Id(s): PR-9566

> #### Full runtime dependencies of ssl-11.2.12
>
> crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4,
> runtime_tools-1.15.1, stdlib-6.0

# Thanks to

Simon Cornish
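The following is an added example, not part of the OTP release or its tooling: a pre-check that reports, for an inventory of `app-vsn` directory names, which applications are still behind this patch package (including ssh-5.2.10, the CVE-2025-32433 fix) and which "Full runtime dependencies" listed above are unmet. The function names and the sample inventory are constructed for illustration, and each listed dependency is treated as a minimum version.

```python
import re

# Patched applications in OTP 27.3.3 and their "Full runtime dependencies"
# (treated as minimum versions), copied from the notes above.
PATCHES = {
    "erts-15.2.6": "kernel-9.0 sasl-3.3 stdlib-4.1",
    "kernel-10.2.6": "crypto-5.0 erts-15.2.5 sasl-3.0 stdlib-6.0",
    "megaco-4.7.2": "asn1-3.0 debugger-4.0 erts-12.0 et-1.5 kernel-8.0 "
                    "runtime_tools-1.8.14 stdlib-2.5",
    "ssh-5.2.10": "crypto-5.0 erts-14.0 kernel-9.0 public_key-1.6.1 "
                  "runtime_tools-1.15.1 stdlib-5.0 stdlib-6.0",
    "ssl-11.2.12": "crypto-5.0 erts-15.0 inets-5.10.7 kernel-9.0 "
                   "public_key-1.16.4 runtime_tools-1.15.1 stdlib-6.0",
}

# Constructed inventory (not a real release manifest): directory names as
# found under <root>/lib plus the top-level erts-<vsn> directory.
SAMPLE_INSTALL = ["erts-15.2.4", "kernel-10.2.5", "stdlib-6.2.1", "sasl-4.2.2",
                  "crypto-5.5.3", "public_key-1.17.1", "runtime_tools-2.1.1",
                  "inets-9.3.2", "ssh-5.2.9", "ssl-11.2.9", "README.md"]

def split(app_vsn):
    """'public_key-1.16.4' -> ('public_key', (1, 16, 4))."""
    name, vsn = app_vsn.rsplit("-", 1)
    return name, tuple(int(part) for part in vsn.split("."))

def installed_versions(dir_names):
    """Highest version per application; names that are not app-vsn are skipped."""
    found = {}
    for entry in dir_names:
        if re.fullmatch(r"[a-z][a-z0-9_]*-\d+(\.\d+)*", entry):
            name, vsn = split(entry)
            found[name] = max(vsn, found.get(name, vsn))
    return found

def check(dir_names):
    """Map each patch to (already_current, unmet_dependencies)."""
    # Component-wise compare; a simplification for branched (4+ part) versions.
    have = installed_versions(dir_names)
    report = {}
    for patch, deps in PATCHES.items():
        name, vsn = split(patch)
        unmet = [d for d in deps.split() if have.get(split(d)[0], ()) < split(d)[1]]
        report[patch] = (have.get(name, ()) >= vsn, unmet)
    return report

if __name__ == "__main__":
    for patch, (current, unmet) in check(SAMPLE_INSTALL).items():
        print(patch, "already current" if current else "needed", "unmet:", unmet)
```

On the constructed inventory, ssh-5.2.10 is reported as needed with no unmet dependencies, while kernel-10.2.6 is blocked on erts-15.2.5, matching the note in the kernel section.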