Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Ubuntu 22.04: 2023-24jd135678 High: Npmjs Code Injection Risk

fedora
Calendar Grey January 21, 2023
Dist Fedora Esm H88
Boost software security and stability in Fedora 36 by applying yarnpkg security advisories, keeping updated, and adopting secure coding practices to safeguard integrity
Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677

Summary

Fast, reliable, and secure dependency management.

Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677

* Wed Jan 11 2023 Sandro Mani - 1.22.19-3

- Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677

[ 1 ] Bug #2127008 - CVE-2021-43138 yarnpkg: async: Prototype Pollution in async [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2127008

[ 2 ] Bug #2127351 - CVE-2020-7677 yarnpkg: thenify: Arbitrary Code Execution in thenify [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2127351

[ 3 ] Bug #2135472 - CVE-2022-3517 yarnpkg: nodejs-minimatch: ReDoS via the braceExpand function [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2135472

su -c 'dnf upgrade --advisory FEDORA-2023-18fd476362' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Change Log

References

Update Instructions

Product: Fedora 36
Version: 1.22.19
Release: 3.fc36
Summary: Fast, reliable, and secure dependency management.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.