Aggregator

USN-7960-1: Rack vulnerabilities

1 week 3 days ago
It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2025-59830) It was discovered that Rack did not properly handle certain multipart form data. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61770, CVE-2025-61772) It was discovered that Rack did not properly handle certain form fields. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771) It was discovered that Rack did not properly handle certain headers. An attacker could possibly use this issue to bypass proxy access restrictions and obtain sensitive information. (CVE-2025-61780) Tomoya Yamashita discovered that Rack did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause memory exhaustion, leading to a denial of service. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61919)

USN-7958-1: AngularJS vulnerabilities

1 week 3 days ago
It was discovered that AngularJS did not properly sanitize certain `xlink:href` attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. (CVE-2019-14863) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2022-25844) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. (CVE-2023-26116, CVE-2023-26117) It was discovered that AngularJS incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause AngularJS to consume resources, leading to a regular expression denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336) It was discovered that AngularJS did not properly sanitize certain inputs in HTML elements. A remote attacker could possibly use this issue to perform spoofing and obtain sensitive information. (CVE-2025-0716)

rpki-client-9.7-1.el10_1

1 week 4 days ago
FEDORA-EPEL-2026-9f805cbd8b Packages in this update:
  • rpki-client-9.7-1.el10_1
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el8

1 week 4 days ago
FEDORA-EPEL-2026-ec249caf6e Packages in this update:
  • rpki-client-9.7-1.el8
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses a IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where malicious Trust Anchor can provoke memory exhaustion.