[Koha] Erlang/OTP SSH (CVE-2025-32433) - is rabbitmq-server affected?
Justin Dowswell
justin.dowswell at tenantsunion.org.au
Mon Apr 28 13:11:30 NZST 2025
Hey everyone,
Been flagged by my VPS provider that our Koha instance may be affected by
this vulnerability. It seems rabbitmq-server has some OTP dependencies,
though not the erlang-ssh package.
Here is the official advisory:
https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2
On my koha instance these erlang packages are installed:
erlang-asn1
erlang-base
erlang-crypto
erlang-eldap
erlang-ftp
erlang-inets
erlang-mnesia
erlang-os-mon
erlang-parsetools
erlang-public-key
erlang-runtime-tools
erlang-snmp
erlang-ssl
erlang-syntax-tools
erlang-tftp
erlang-tools
erlang-xmerl
So to me it looks like this flag is a false positive, but thought best to
reach out here.
Thanks in advance,
Justin Dowswell (he/him)
Technology Coordinator
Tenants' Union of NSW
02 8117 3721
--
*The Tenants’ Union of NSW recognises that Aboriginal and Torres Strait
Islander peoples are the First Peoples of Australia. Our office is on the
lands of the Gadigal of the Eora Nation. We are committed to respecting
Aboriginal and Torres Strait Islander peoples, cultures, lands, and
histories as we battle for tenants’ rights in NSW. Read our full
Acknowledgement of Country
<https://www.tenants.org.au/tu/acknowledgement-country>*
*.*
<https://www.tenants.org.au/> <https://rentingfair.org.au/>
<https://www.facebook.com/TUNSW/> <https://twitter.com/TUNSW>
<https://www.youtube.com/channel/UCEkW8D86OVVAV0QedKFhl9w>
tenants.org.au
<https://www.tenants.org.au/>
This email transmission is intended only for
the addressee and may contain confidential or privileged information.
Confidentiality and privilege are not waived if you are not the intended
recipient of the email, nor may you use, review, disclose, disseminate or
copy any information contained or attached to it. If you received this
email in error please delete it and any attachments and notify us
immediately by return email.
Tenants' Union of NSW can only provide
information and advice in the New South Wales and Commonwealth
jurisdictions. If you are enquiring from another state or territory please
contact your local community legal centre.
More information about the Koha
mailing list