Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 41: yarnpkg 2024-362915851c Security Advisory Updates

fedora
Calendar Grey October 26, 2024
Dist Fedora Esm H88
Update notifications for yarnpkg to address multiple security flaws on Fedora 41. Ensure your system is secure with timely updates!
Update bundled ws (CVE-2024-37890) Update bundled elliptic to fix CVE-2024-48949.

Summary

Fast, reliable, and secure dependency management.

Update Information:

Update bundled ws (CVE-2024-37890) Update bundled elliptic to fix CVE-2024-48949.

Topics%20covered

Topics Covered

No topics assigned

Change Log

* Tue Oct 15 2024 Sandro Mani - 1.22.22-5 - Update bundled ws (CVE-2024-37890) * Thu Oct 10 2024 Sandro Mani - 1.22.22-4 - Update bundled elliptic (CVE-2024-48949)

References


[ 1 ] Bug #2303429 - CVE-2024-37890 yarnpkg: denial of service when handling a request with many HTTP headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2303429 [ 2 ] Bug #2317790 - CVE-2024-48949 yarnpkg: Missing Validation in Elliptic's EDDSA Signature Verification [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2317790

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-362915851c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: yarnpkg
Product: Fedora 41
Version: 1.22.22
Release: 5.fc41
URL: https://github.com/yarnpkg/yarn
Summary: Fast, reliable, and secure dependency management.

Topics%20covered

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here