--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-b8aad5411e
2026-03-17 02:11:42.422063+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 17.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Update vendor bundle.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani - 1.22.22-17
- Refresh vendor bundle
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2422491 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422491
  [ 2 ] Bug #2422506 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-b8aad5411e' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-db0c5d039c
2026-03-17 00:15:03.527046+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 44
Version     : 1.22.22
Release     : 17.fc44
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Update vendor bundle.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 7 2026 Sandro Mani - 1.22.22-17
- Refresh vendor bundle
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2422491 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422491
  [ 2 ] Bug #2422506 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422506
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-db0c5d039c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a75abb3f2b
2026-02-05 00:57:20.049070+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 43
Version     : 1.22.22
Release     : 16.fc43
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Sandro Mani - 1.22.22-16
- Refresh bundle, fixes CVE-2025-13465
* Sat Jan 17 2026 Fedora Release Engineering - 1.22.22-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2432997 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432997
  [ 2 ] Bug #2433048 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433048
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a75abb3f2b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-418da1e0e6
2025-10-09 00:49:10.842770+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 12.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-59343.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Sandro Mani - 1.22.22-12
- Regenerate bundle, fixes CVE-2025-59343
- Patch out eslint and commitizen devDependencies to reduce dependencies
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2397971 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397971
  [ 2 ] Bug #2397973 - CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397973
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-418da1e0e6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-cf39a93e95
2025-08-08 00:53:07.923982+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 11.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Apply fixes for CVE-2025-8262 and CVE-2025-7783.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani - 1.22.22-11
- Refresh bundle
- Drop patches obsoleted by new bundle
- Add yarn-update-jest.prebundle.patch to update jest and avoid some vulnerable dependencies
- Apply fixes for CVE-2025-8262 and CVE-2025-8263
* Fri Jul 25 2025 Fedora Release Engineering - 1.22.22-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2382001 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382001
  [ 2 ] Bug #2382007 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382007
  [ 3 ] Bug #2382017 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382017
  [ 4 ] Bug #2382027 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382027
  [ 5 ] Bug #2383877 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383877
  [ 6 ] Bug #2383879 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383879
  [ 7 ] Bug #2383880 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383880
  [ 8 ] Bug #2383881 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383881
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-cf39a93e95' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-96ff8c2897
2025-07-04 00:01:57.047516+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 9.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Update bundled pbkdf2 library.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani - 1.22.22-9
- Add CVE-2025-6545_6547.prebundle.patch and regenerate bundle. Fixes CVE-2025-6545 and CVE-2025-6547.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2374429 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374429
  [ 2 ] Bug #2374433 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374433
  [ 3 ] Bug #2374438 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374438
  [ 4 ] Bug #2374443 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374443
  [ 5 ] Bug #2374450 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374450
  [ 6 ] Bug #2374455 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374455
  [ 7 ] Bug #2374462 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374462
  [ 8 ] Bug #2374465 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374465
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-96ff8c2897' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-ad2565414f
2025-06-13 01:33:33.927658+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 41
Version     : 1.22.22
Release     : 8.fc41
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-48387.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Sandro Mani - 1.22.22-8
- Refresh bundle tarball for CVE-2025-48387
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2369950 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369950
  [ 2 ] Bug #2369951 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369951
  [ 3 ] Bug #2369953 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369953
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-ad2565414f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-732290e75c
2025-06-13 01:02:12.682800+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 8.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description : Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-48387.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Sandro Mani - 1.22.22-8
- Refresh bundle tarball for CVE-2025-48387
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2369950 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369950
  [ 2 ] Bug #2369951 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369951
  [ 3 ] Bug #2369953 - CVE-2025-48387 yarnpkg: tar-fs has issue where extract can write outside the specified dir with a specific tarball [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2369953
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-732290e75c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------