Fedora Security Advisories

• jq-1.8.1-3.fc44

Fixes CVE-2026-32316 Fixes CVE-2026-33947 Fixes CVE-2026-39956 Fixes CVE-2026-39979 Fixes CVE-2026-40164

Fixes <skipped: too deep> bug https://github.com/jqlang/jq/issues/3413

• jq-1.8.1-3.fc43

Fixes CVE-2026-32316 Fixes CVE-2026-33947 Fixes CVE-2026-39956 Fixes CVE-2026-39979 Fixes CVE-2026-40164

Fixes <skipped: too deep> bug https://github.com/jqlang/jq/issues/3413

• tigervnc-1.16.2-2.fc42

Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

• tigervnc-1.16.2-2.fc43

Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

• rpki-client-9.8-1.el10_3

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.fc42

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.el9

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.el8

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.fc43

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.el10_1

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.el10_2

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• rpki-client-9.8-1.fc44

• Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling.
• Fixed an accounting issue in HTTP gzip compression detection.
• Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings.
• Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22.
• Ensure that a repository timeout correctly stops repository processing.
• Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7's .ccr files and vice versa.
• Fixed an issue in the parser for the locally configured constraints.
• A malicious RRDP Publication Server can cause a NULL dereference.
• A malicious RPKI Publication Server can cause an incorrect error exit.

• python-cairosvg-2.9.0-1.el10_1

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.9.0-1.el10_3

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.7.0-2.el9

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.9.0-1.el10_2

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.9.0-1.fc42

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.9.0-1.fc44

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• python-cairosvg-2.9.0-1.fc43

Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c

Exponential DoS via recursive <use> element amplification

• xorg-x11-server-Xwayland-24.1.10-1.fc42

Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003