Yocto 4.0.4 is a maintenance release for the Kirkstone series, primarily focused on Security Fixes for various system utilities and libraries.
: Resolves three vulnerabilities (CVE-2022-30552, CVE-2022-33967, and CVE-2022-33103) impacting bootloader security.
If you are managing an environment using these packages, follow these remediation steps to ensure a clean update: Yep 4.0.4 fix
: Patches CVE-2022-35252 to improve the security of data transfers.
The following critical CVEs (Common Vulnerabilities and Exposures) have been patched in this version: Yocto 4
: Includes fixes for libxml2 , libtiff , zlib , and gnutls to mitigate various memory and processing exploits. Recommended Actions for Developers
: Fixes CVE-2022-35737 to prevent potential crashes or data corruption during database operations. vulnerable artifacts from persisting.
: Run a clean command (e.g., npm cache clean or your build system's equivalent) to prevent old, vulnerable artifacts from persisting.