Fedora Security Advisories

• freerdp-3.20.2-1.fc42

Update to 3.20.2

• freerdp-3.20.2-1.fc43

Update to 3.20.2

• assimp-5.3.1-6.fc42

Backport fix for CVE-2025-11277.

• rclone-1.72.1-1.fc42

Update to 1.72.1

• rclone-1.72.1-1.fc43

Update to 1.72.1

• rclone-1.72.1-1.el10_2

Update to 1.72.1

• rclone-1.72.1-1.el10_1

Update to 1.72.1

• rust-rkyv0.7-0.7.46-1.el9
• rust-rkyv_derive0.7-0.7.46-1.el9

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rust-rkyv0.7-0.7.46-1.el10_1
• rust-rkyv_derive0.7-0.7.46-1.el10_1

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rust-rkyv0.7-0.7.46-1.el10_2
• rust-rkyv_derive0.7-0.7.46-1.el10_2

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rust-rkyv0.7-0.7.46-1.fc42
• rust-rkyv_derive0.7-0.7.46-1.fc42

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rust-rkyv0.7-0.7.46-1.fc43
• rust-rkyv_derive0.7-0.7.46-1.fc43

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rust-rkyv0.7-0.7.46-1.fc44
• rust-rkyv_derive0.7-0.7.46-1.fc44

https://rustsec.org/advisories/RUSTSEC-2026-0001

• rpki-client-9.7-1.el10_1

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• rpki-client-9.7-1.el8

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• rpki-client-9.7-1.fc43

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• rpki-client-9.7-1.el10_2

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• rpki-client-9.7-1.fc42

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• rpki-client-9.7-1.el9

• The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
• Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
• Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
• Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

• cpp-httplib-0.30.1-5.el9

• Denial of service (DOS) using zip bomb (CVE-2026-22776)
• CRLF injection in http headers (CVE-2026-21428)
• Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577)