Fedora Security Updates

FEDORA-EPEL-2026-d987e77392 Packages in this update: rpki-client-9.8-1.el10_3 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-2026-f7b4693f9d Packages in this update: rpki-client-9.8-1.fc42 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-EPEL-2026-fa0a18146b Packages in this update: rpki-client-9.8-1.el9 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-EPEL-2026-30fa3bab72 Packages in this update: rpki-client-9.8-1.el8 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-2026-27892c9184 Packages in this update: rpki-client-9.8-1.fc43 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-EPEL-2026-4b1768b6b3 Packages in this update: rpki-client-9.8-1.el10_1 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-EPEL-2026-861d7dd961 Packages in this update: rpki-client-9.8-1.el10_2 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-2026-879659f6c2 Packages in this update: rpki-client-9.8-1.fc44 Update description: rpki-client 9.8 Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. Fixed an accounting issue in HTTP gzip compression detection. Added a warning in extra verbose mode (-vv) about standards non-compliant Issuer and Subject ASN.1 string encodings. Added a check for canonical encoding of ASPA eContent in alignment with draft-ietf-sidrops-aspa-profile-22. Ensure that a repository timeout correctly stops repository processing. Fixed a defect in Canonical Cache Representation ROAIPAddressFamily sort order. As a result, rpki-client 9.8 cannot parse rpki-client 9.7’s .ccr files and vice versa. Fixed an issue in the parser for the locally configured constraints. A malicious RRDP Publication Server can cause a NULL dereference. A malicious RPKI Publication Server can cause an incorrect error exit.

FEDORA-EPEL-2026-28892a37be Packages in this update: python-cairosvg-2.9.0-1.el10_1 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-EPEL-2026-de229f53d8 Packages in this update: python-cairosvg-2.9.0-1.el10_2 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-EPEL-2026-62a170e678 Packages in this update: python-cairosvg-2.9.0-1.el10_3 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-EPEL-2026-437fe6eb99 Packages in this update: python-cairosvg-2.7.0-2.el9 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-2026-a2778fcae6 Packages in this update: python-cairosvg-2.9.0-1.fc42 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-2026-448e26a9c8 Packages in this update: python-cairosvg-2.9.0-1.fc44 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-2026-ec61ca906c Packages in this update: python-cairosvg-2.9.0-1.fc43 Update description: Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c Exponential DoS via recursive <use> element amplification

FEDORA-2026-c0163d5a73 Packages in this update: xorg-x11-server-Xwayland-24.1.10-1.fc42 Update description: Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

FEDORA-2026-beff97a194 Packages in this update: xorg-x11-server-Xwayland-24.1.10-1.fc43 Update description: Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

FEDORA-2026-922a6d4e1a Packages in this update: xorg-x11-server-Xwayland-24.1.10-1.fc44 Update description: Update to xwayland 24.1.10, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

FEDORA-2026-2c6941716b Packages in this update: xorg-x11-server-21.1.22-1.fc42 Update description: Update to xserver 21.1.22, CVE fix for: CVE-2026-33999, CVE-2026-34000, CVE-2026-34001, CVE-2026-34002, CVE-2026-34003

FEDORA-EPEL-2026-28a74d595b Packages in this update: prometheus-3.11.2-1.el10_3 Update description: Update to 3.11.2 Update to 3.11.1 Update to 3.11.0