Stay Secure with the Latest Linux Advisories

security advisoryFedoraCVE fix

Fedora 41: FEDORA-2025-d4cc30bdfb moderate: pnpm security fix

Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language- server to version 5.6.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-d4cc30bdfb 2025-05-03 01:10:19.809503+00:00 -------------------------------------------------------------------------------- Name : nodejs-pnpm Product : Fedora 41 Version : 10.9.0 Release : 1.fc41 URL : https://pnpm.io Summary : Fast, disk space efficient package manager Description : A fast, disk space efficient package manager for NodeJS. -------------------------------------------------------------------------------- Update Information: Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language- server to version 5.6.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 24 2025 Andreas Schneider - 10.9.0-1 - Update to version 10.9.0 - Fixes CVE-2024-47829 - resolves: rhbz#2361976 * Thu Apr 24 2025 ErrorNoInternet - 10.8.1-1 - Update to version 10.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2361975 - CVE-2024-47829 nodejs-pnpm: pnpm uses the md5 path shortening function causes packet paths to coincide, which causes indirect packet overwriting [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2361975 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-d4cc30bdfb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it. Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue . Fedora 41 introduces enhancements for pnpm and nodejs-bash-language-server, addressing CVE-2024-47829. Keep your setup secure!. NodeJS Package, Fedora 41 Update, pnpm Configuration, Security Advisory. . LinuxSecurity.com Team

May 03, 2025 Fedora