[ASA-202506-8] erlang: arbitrary file overwrite
Arch Linux Security Advisory ASA-202506-8
=========================================

Severity: Medium
Date    : 2025-06-19
CVE-ID  : CVE-2025-4748
Package : erlang
Type    : arbitrary file overwrite
Remote  : No
Link    : https://security.archlinux.org/AVG-2900

Summary
=======

The package erlang before version 28.0.1-1 is vulnerable to arbitrary
file overwrite.

Resolution
==========

Upgrade to 28.0.1-1.

# pacman -Syu "erlang>=28.0.1-1"

The problem has been fixed upstream in version 28.0.1.

Workaround
==========

None.

Description
===========

Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability in Erlang OTP (stdlib modules) allows
Absolute Path Traversal, File Manipulation.

Impact
======

A local attacker can create or overwrite arbitrary files writable by
the Erlang VM.

References
==========

https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc
https://cna.erlef.org/cves/cve-2025-4748.html
https://github.com/erlang/otp/pull/9941
https://security.archlinux.org/CVE-2025-4748