Critical RPKI Update Addresses DoS Risks in Fedora 42 and 43

Severity: High (Score: 69.8)

Sources: Linuxsecurity

Summary

On April 24, 2026, two articles reported on the critical rpki-client 9.8 update for Fedora 42 and 43. The update addresses vulnerabilities that could allow a malicious RRDP or RPKI Publication Server to cause a NULL dereference or an incorrect error exit, potentially leading to Denial of Service (DoS) conditions. It also includes various refactoring for improved compatibility with libcrypto implementations and fixes for HTTP gzip compression detection. Notably, rpki-client 9.8 cannot parse .ccr files from version 9.7, which may affect users transitioning between these versions. The vulnerabilities are significant because they impact the validation of Route Origin Authorisations (ROAs), which are crucial for BGP announcements. Users of the OpenBSD rpki-client should upgrade to version 9.8 to mitigate these risks. The update was released on April 16, 2026, by Robert Scheck and Fedora Release Engineering.

Key Points:

  • rpki-client 9.8 addresses critical vulnerabilities in Fedora 42 and 43.
  • Malicious servers can exploit the vulnerabilities to cause Denial of Service conditions.
  • Users must upgrade from rpki-client 9.7 to avoid parsing issues and security risks.

Key Entities

  • DDoS (attack_type)
  • CWE-476 - NULL Pointer Dereference (cwe)
  • BIRD (platform)
  • OpenBGPD (platform)
  • OpenBSD (platform)
  • Fedora (company)