Aggregator

rpki-client-9.7-1.fc43

1 week 2 days ago
FEDORA-2026-0d27571013
Packages in this update:
  • rpki-client-9.7-1.fc43
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el10_2

1 week 2 days ago
FEDORA-EPEL-2026-c3907ce405
Packages in this update:
  • rpki-client-9.7-1.el10_2
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.fc42

1 week 2 days ago
FEDORA-2026-d2431d8ac0
Packages in this update:
  • rpki-client-9.7-1.fc42
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

rpki-client-9.7-1.el9

1 week 2 days ago
FEDORA-EPEL-2026-e8927bc057
Packages in this update:
  • rpki-client-9.7-1.el9
Update description: rpki-client 9.7
  • The Canonical Cache Representation underwent a breaking change after the adoption of https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-ccr/ as a SIDROPS working group item. Apart from several CMS-related cosmetics it now uses an IANA-assigned content type. As a result, rpki-client 9.7 cannot parse rpki-client 9.6's .ccr files and vice versa.
  • Support for Ghostbusters Record objects (RFC 6493) has been removed. Nobody showed interest in deploying this and there are other, widely supported ways of exchanging operational contact information such as RDAP. RFC 6493 is undergoing a status review to be marked as historic: https://datatracker.ietf.org/doc/status-change-rpki-ghostbusters-record-to-historic/
  • Prepare the code base for the opaque ASN1_STRING structure in OpenSSL 4.
  • Fixed two reliability issues: one where a malicious RPKI Certification Authority can trigger a crash, one where a malicious Trust Anchor can provoke memory exhaustion.

USN-7927-3: urllib3 regression

1 week 2 days ago
USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in urllib3 when decompressing zstd data. This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418)

Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)

For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

USN-7957-1: WebKitGTK vulnerabilities

1 week 2 days ago
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.