Fedora Linux is moving to upgrade its package manager for its upcoming release, Fedora 37. A new proposal calls for upgrading the package manager to Red Hat Package Manager (RPM) 4.18, which is currently in alpha state.
Fixes the symlink problems
Updating RPM to a newer version will bring new features in addition to extra security.
The main reason for the update proposal is security. The RPM 4.18 alpha release notes list many bug fixes, including fixes for the symlink-handling issues that cause the CVE-2021-35939 security flaw. The Red Hat Bugzilla entry defines this flaw as “Checks for unsafe symlinks are not performed for intermediary directories” and also states that the bug was reported at the end of May 2021.
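The Bugzilla description quoted above, as an added example (not RPM's code and not part of the Fedora proposal): a symlink check that looks only at the final path component, next to a walk that refuses symlinks at every intermediate directory. The function names and the temporary directory layout are constructed for illustration.

```python
import os
import tempfile

def final_component_is_symlink(path):
    """Incomplete check: lstat() inspects only the last path component."""
    return os.path.islink(path)

def first_unsafe_parent(root, relpath):
    """Walk the intermediate directories of relpath below root, one at a time.

    Returns the relative path of the first parent that cannot be opened as a
    real directory (a symlink, a non-directory, or missing), else None.
    """
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    dir_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for i, name in enumerate(parts[:-1]):
            if name == "..":  # never step out of the tree being checked
                return "/".join(parts[: i + 1])
            try:
                # O_NOFOLLOW makes open() fail if this component is a symlink
                next_fd = os.open(name, flags, dir_fd=dir_fd)
            except OSError:
                return "/".join(parts[: i + 1])
            os.close(dir_fd)
            dir_fd = next_fd
        return None
    finally:
        os.close(dir_fd)

def build_demo_tree():
    """Constructed sample tree: usr/share/demo is real, usr/lib is a symlink."""
    root = tempfile.mkdtemp(prefix="symlink-demo-")
    outside = tempfile.mkdtemp(prefix="symlink-demo-outside-")
    os.makedirs(os.path.join(root, "usr", "share", "demo"))
    os.symlink(outside, os.path.join(root, "usr", "lib"))
    for d in (outside, os.path.join(root, "usr", "share", "demo")):
        open(os.path.join(d, "demo.conf"), "w").close()
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    for rel in ("usr/share/demo/demo.conf", "usr/lib/demo.conf"):
        full = os.path.join(root, rel)
        print(rel, final_component_is_symlink(full), first_unsafe_parent(root, rel))
```

The final-component check reports nothing unusual for `usr/lib/demo.conf`, because the file itself is regular; only the per-directory walk reports `usr/lib` as a symlinked parent.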
The new Red Hat Package Manager version also brings some additional features, such as a new interactive shell for working with embedded macros and Lua. It also adds a new %conf spec section for build configuration and the new rpmuncompress CLI tool, which simplifies unpacking multiple sources.
Fedora 36 is currently in beta, with its release set for 19 April 2022, and Fedora 37 is set to be released in the middle of October this year.