Important: Red Hat Security Advisory: MTV RHEL9 Images

Updated Release packages that fix several bugs and add various enhancements are now available. Migration Toolkit for Virtualization Images...

CVE-2018-12556

The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any arbitrary key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn...