Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 40: FEDORA-2024-eef12396fc moderate: Yarnpkg RDoS Risk

fedora
Calendar Grey July 13, 2024
Dist Fedora Esm H88
Debian Package Notification for yarnpkg tackles security vulnerability CVE-2024-4067 with prompt backport resolution and comprehensive information.
Backport fix for CVE-2024-4067.

Summary

Fast, reliable, and secure dependency management.

Update Information:

Backport fix for CVE-2024-4067.

Topics%20covered

Topics Covered

security advisory security update Fedora yarnpkg CVE-2024-4067 Regular Expression Denial of Service

Change Log

* Thu Jul 4 2024 Sandro Mani - 1.22.22-2 - Backport patch for CVE-2024-4067

References


[ 1 ] Bug #2280786 - CVE-2024-4067 yarnpkg: micromatch: vulnerable to Regular Expression Denial of Service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2280786

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-eef12396fc' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: yarnpkg
Product: Fedora 40
Version: 1.22.22
Release: 2.fc40
URL: https://github.com/yarnpkg/yarn
Summary: Fast, reliable, and secure dependency management.

Topics%20covered

Topics Covered

security advisory security update Fedora yarnpkg CVE-2024-4067 Regular Expression Denial of Service

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here