Yarnpkg update for Fedora 41

Fedora Linux 9012 Published 2025-07-05 06:22 by Philipp Esselbach

News

A yarnpkg update has been released for Fedora Linux 41:

Fedora 41 Update: yarnpkg-1.22.22-9.fc41

[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-9.fc41

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d3dee9f37d
2025-07-05 01:45:24.506251+00:00
--------------------------------------------------------------------------------

Name : yarnpkg
Product : Fedora 41
Version : 1.22.22
Release : 9.fc41
URL : https://github.com/yarnpkg/yarn
Summary : Fast, reliable, and secure dependency management.
Description :
Fast, reliable, and secure dependency management.

--------------------------------------------------------------------------------
Update Information:

Update bundled pbkdf2 library.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Sandro Mani [manisandro@gmail.com] - 1.22.22-9
- Add CVE-2025-6545_6547.prebundle.patch and regenerate bundle. Fixes CVE-2025-6545 and CVE-2025-6547.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2374429 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2374429
[ 2 ] Bug #2374433 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2374433
[ 3 ] Bug #2374438 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2374438
[ 4 ] Bug #2374443 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2374443
[ 5 ] Bug #2374450 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2374450
[ 6 ] Bug #2374455 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2374455
[ 7 ] Bug #2374462 - CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374462
[ 8 ] Bug #2374465 - CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2374465
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d3dee9f37d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

--

Fort Firewall 3.18.7 released

Varnish, Pandoc, Ruby, and more updates for AlmaLinux

Yarnpkg update for Fedora 41

[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-9.fc41

Windows

Linux

macOS

Community