freerdp-3.20.2-1.fc43
FEDORA-2026-79f923d917
Packages in this update:
- freerdp-3.20.2-1.fc43
Update to 3.20.2
Aggregator
USN-7960-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)
It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)
It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)
It was discovered that Rack did not properly handle certain headers. An
attacker could possibly use this issue to bypass proxy access
restrictions and obtain sensitive information. (CVE-2025-61780)
Tomoya Yamashita discovered that Rack did not properly manage memory
under certain circumstances. An attacker could possibly use this issue to
cause memory exhaustion, leading to a denial of service. This issue was
only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 25.10. (CVE-2025-61919)
assimp-5.3.1-6.fc42
FEDORA-2026-7069f6c1c8
Packages in this update:
- assimp-5.3.1-6.fc42
Backport fix for CVE-2025-11277.
rclone-1.72.1-1.fc42
FEDORA-2026-b4a6ca0bd0
Packages in this update:
- rclone-1.72.1-1.fc42
Update to 1.72.1
rclone-1.72.1-1.fc43
FEDORA-2026-3de3ece93a
Packages in this update:
- rclone-1.72.1-1.fc43
Update to 1.72.1
rclone-1.72.1-1.el10_2
FEDORA-EPEL-2026-6523bfceaf
Packages in this update:
- rclone-1.72.1-1.el10_2
Update to 1.72.1
rclone-1.72.1-1.el10_1
FEDORA-EPEL-2026-082c111817
Packages in this update:
- rclone-1.72.1-1.el10_1
Update to 1.72.1
rust-rkyv0.7-0.7.46-1.el9 rust-rkyv_derive0.7-0.7.46-1.el9
FEDORA-EPEL-2026-e04f9da1af
Packages in this update:
- rust-rkyv0.7-0.7.46-1.el9
- rust-rkyv_derive0.7-0.7.46-1.el9
rust-rkyv0.7-0.7.46-1.el10_1 rust-rkyv_derive0.7-0.7.46-1.el10_1
FEDORA-EPEL-2026-b967c7e19e
Packages in this update:
- rust-rkyv0.7-0.7.46-1.el10_1
- rust-rkyv_derive0.7-0.7.46-1.el10_1
rust-rkyv0.7-0.7.46-1.el10_2 rust-rkyv_derive0.7-0.7.46-1.el10_2
FEDORA-EPEL-2026-80d7c1ec10
Packages in this update:
- rust-rkyv0.7-0.7.46-1.el10_2
- rust-rkyv_derive0.7-0.7.46-1.el10_2
rust-rkyv0.7-0.7.46-1.fc42 rust-rkyv_derive0.7-0.7.46-1.fc42
FEDORA-2026-801214adba
Packages in this update:
- rust-rkyv0.7-0.7.46-1.fc42
- rust-rkyv_derive0.7-0.7.46-1.fc42
rust-rkyv0.7-0.7.46-1.fc43 rust-rkyv_derive0.7-0.7.46-1.fc43
FEDORA-2026-35d1dee2ab
Packages in this update:
- rust-rkyv0.7-0.7.46-1.fc43
- rust-rkyv_derive0.7-0.7.46-1.fc43
rust-rkyv0.7-0.7.46-1.fc44 rust-rkyv_derive0.7-0.7.46-1.fc44
FEDORA-2026-f08ea66b23
Packages in this update:
- rust-rkyv0.7-0.7.46-1.fc44
- rust-rkyv_derive0.7-0.7.46-1.fc44
USN-7959-1: klibc vulnerabilities
It was discovered that zlib, vendored in klibc, did not properly handle
integer arithmetic. An attacker could possibly use this issue to execute
arbitrary code or cause a denial of service.
DSA-6100-1 chromium - security update
DSA-6099-1 python-parsl - security update
next-20260114: linux-next
Version:next-20260114 (linux-next)
Released:2026-01-14
USN-7958-1: AngularJS vulnerabilities
It was discovered that AngularJS did not properly sanitize certain
`xlink:href` attributes. A remote attacker could possibly use this issue
to perform cross site scripting. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-14863)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS and Ubuntu 25.04. (CVE-2022-25844)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
(CVE-2023-26116, CVE-2023-26117)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490)
It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu
24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336)
It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. (CVE-2025-0716)
rpki-client-9.7-1.el10_1
FEDORA-EPEL-2026-9f805cbd8b
Packages in this update:
- rpki-client-9.7-1.el10_1
- The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
- Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
- Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
- Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.
rpki-client-9.7-1.el8
FEDORA-EPEL-2026-ec249caf6e
Packages in this update:
- rpki-client-9.7-1.el8
- The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
- Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
- Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
- Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.