Aggregator

USN-7958-1: AngularJS vulnerabilities

2 weeks 1 day ago
It was discovered that AngularJS did not properly sanitize certain `xlink:href` attributes. A remote attacker could possibly use this issue to perform cross-site scripting. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-14863)
It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2022-25844)
It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. (CVE-2023-26116, CVE-2023-26117)
It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490)
It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336)
It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. (CVE-2025-0716)

rpki-client-9.7-1.el10_1

2 weeks 1 day ago
FEDORA-EPEL-2026-9f805cbd8b
Packages in this update:
  • rpki-client-9.7-1.el10_1
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el8

2 weeks 1 day ago
FEDORA-EPEL-2026-ec249caf6e
Packages in this update:
  • rpki-client-9.7-1.el8
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.fc43

2 weeks 1 day ago
FEDORA-2026-0d27571013
Packages in this update:
  • rpki-client-9.7-1.fc43
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el10_2

2 weeks 1 day ago
FEDORA-EPEL-2026-c3907ce405
Packages in this update:
  • rpki-client-9.7-1.el10_2
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.fc42

2 weeks 1 day ago
FEDORA-2026-d2431d8ac0
Packages in this update:
  • rpki-client-9.7-1.fc42
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el9

2 weeks 1 day ago
FEDORA-EPEL-2026-e8927bc057
Packages in this update:
  • rpki-client-9.7-1.el9
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

USN-7927-3: urllib3 regression

2 weeks 2 days ago
USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in urllib3 when decompressing zstd data. This update fixes the problem. We apologize for the inconvenience.
Original advisory details:
Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418)
Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)
For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

USN-7957-1: WebKitGTK vulnerabilities

2 weeks 2 days ago
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.