Refresh vendor bundle, fixes CVE-2026-4800.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-8d34161d90
2026-04-25 01:21:36.171727+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 44
Version     : 1.22.22
Release     : 18.fc44
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Refresh vendor bundle, fixes CVE-2026-4800.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 2 2026 Sandro Mani - 1.22.22-18
- Add yarn-jsyaml4.patch
- Refresh vendor bundle, fixes CVE-2026-4800
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2454058 - CVE-2026-4800 yarnpkg: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454058
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-8d34161d90' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list --
Refresh vendor bundle, fixes CVE-2026-4800. Update vendor bundle.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-085abeea02
2026-04-12 15:36:52.829598+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 43
Version     : 1.22.22
Release     : 18.fc43
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Refresh vendor bundle, fixes CVE-2026-4800. Update vendor bundle.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 2 2026 Sandro Mani - 1.22.22-18
- Add yarn-jsyaml4.patch
- Refresh vendor bundle, fixes CVE-2026-4800
* Sat Mar 7 2026 Sandro Mani - 1.22.22-17
- Refresh vendor bundle
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2422491 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422491
  [ 2 ] Bug #2422506 - CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2422506
  [ 3 ] Bug #2454058 - CVE-2026-4800 yarnpkg: lodash: Arbitrary code execution via untrusted input in template imports [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2454058
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-085abeea02' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Regenerate vendor tarball. Fixes CVE-2025-13465.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-2809f801f3
2026-02-06 01:09:06.041440+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 16.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Sandro Mani - 1.22.22-16
- Refresh bundle, fixes CVE-2025-13465
* Sat Jan 17 2026 Fedora Release Engineering - 1.22.22-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2432997 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432997
  [ 2 ] Bug #2433048 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433048
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-2809f801f3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Regenerate vendor tarball. Fixes CVE-2025-13465.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a75abb3f2b
2026-02-05 00:57:20.049070+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 43
Version     : 1.22.22
Release     : 16.fc43
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Regenerate vendor tarball. Fixes CVE-2025-13465.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 27 2026 Sandro Mani - 1.22.22-16
- Refresh bundle, fixes CVE-2025-13465
* Sat Jan 17 2026 Fedora Release Engineering - 1.22.22-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2432997 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2432997
  [ 2 ] Bug #2433048 - CVE-2025-13465 yarnpkg: prototype pollution in _.unset and _.omit functions [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2433048
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a75abb3f2b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fix CVE-2025-64756.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-4be1cd8390
2025-12-12 01:45:35.303647+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 42
Version     : 1.22.22
Release     : 14.fc42
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-64756.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Sandro Mani - 1.22.22-14
- Bump release
* Wed Dec 3 2025 Sandro Mani - 1.22.22-13
- Refresh bundle, fixes CVE-2025-64756
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2418529 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418529
  [ 2 ] Bug #2418532 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418532
  [ 3 ] Bug #2418538 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418538
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-4be1cd8390' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fix CVE-2025-64756.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-de6cf573f0
2025-12-12 01:32:22.208971+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 43
Version     : 1.22.22
Release     : 14.fc43
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2025-64756.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 3 2025 Sandro Mani - 1.22.22-14
- Refresh bundle, fixes CVE-2025-64756
* Tue Nov 11 2025 Tomas Juhasz - 1.22.22-13
- Rebuilt for nodejs-packaging
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2418529 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418529
  [ 2 ] Bug #2418532 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418532
  [ 3 ] Bug #2418538 - CVE-2025-64756 yarnpkg: glob CLI: Command injection via -c/--cmd executes matches with shell:true [fedora-43]
        https://bugzilla.redhat.com/show_bug.cgi?id=2418538
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-de6cf573f0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Apply fixes for CVE-2025-8262 and CVE-2025-7783.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-b19f3ed5f4
2025-08-08 01:11:45.710107+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 41
Version     : 1.22.22
Release     : 11.fc41
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Apply fixes for CVE-2025-8262 and CVE-2025-7783.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 30 2025 Sandro Mani - 1.22.22-11
- Refresh bundle
- Drop patches obsoleted by new bundle
- Add yarn-update-jest.prebundle.patch to update jest and avoid some vulnerable dependencies
- Apply fixes for CVE-2025-8262 and CVE-2025-8263
* Fri Jul 25 2025 Fedora Release Engineering - 1.22.22-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2382001 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382001
  [ 2 ] Bug #2382007 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382007
  [ 3 ] Bug #2382017 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382017
  [ 4 ] Bug #2382027 - CVE-2025-7783 yarnpkg: Unsafe random function in form-data [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2382027
  [ 5 ] Bug #2383877 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383877
  [ 6 ] Bug #2383879 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383879
  [ 7 ] Bug #2383880 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383880
  [ 8 ] Bug #2383881 - CVE-2025-8262 yarnpkg: Yarn Regex Complexity Vulnerability [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2383881
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-b19f3ed5f4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Update bundled pbkdf2 library.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d3dee9f37d
2025-07-05 01:45:24.506251+00:00
--------------------------------------------------------------------------------

Name        : yarnpkg
Product     : Fedora 41
Version     : 1.22.22
Release     : 9.fc41
URL         : https://github.com/yarnpkg/yarn
Summary     : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.
--------------------------------------------------------------------------------
Update Information:

Update bundled pbkdf2 library.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani - 1.22.22-9
- Add CVE-2025-6545_6547.prebundle.patch and regenerate bundle. Fixes CVE-2025-6545 and CVE-2025-6547.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2374429 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374429
  [ 2 ] Bug #2374433 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374433
  [ 3 ] Bug #2374438 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374438
  [ 4 ] Bug #2374443 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-9]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374443
  [ 5 ] Bug #2374450 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374450
  [ 6 ] Bug #2374455 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374455
  [ 7 ] Bug #2374462 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374462
  [ 8 ] Bug #2374465 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2374465
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d3dee9f37d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------