Fedora Security Advisories

python3.11-3.11.15-4.fc45

Fedora Security Advisories
1 hour 16 minutes ago
FEDORA-2026-a5ba8297fd Packages in this update:
  • python3.11-3.11.15-4.fc45
Update description:

Automatic update for python3.11-3.11.15-4.fc45.

Changelog * Fri Apr 17 2026 Charalampos Stratakis <cstratak@redhat.com> - 3.11.15-4 - Security fixes for CVE-2026-1502, CVE-2026-4786, CVE-2026-6100, CVE-2026-2297, CVE 2026-3644, CVE-2026-4224 Resolves: rhbz#2457941, rhbz#2458221, rhbz#2458013, rhbz#2444704, rhbz#2448188, rhbz#2448204 * Sat Apr 11 2026 Miro Hrončok <mhroncok@redhat.com> - 3.11.15-3 - Explicitly build with OpenSSL 3

chromium-147.0.7727.101-1.fc43

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-2026-d3c82235d4 Packages in this update:
  • chromium-147.0.7727.101-1.fc43
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

chromium-147.0.7727.101-1.el10_2

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-EPEL-2026-c7fa5f9be3 Packages in this update:
  • chromium-147.0.7727.101-1.el10_2
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

chromium-147.0.7727.101-1.el10_3

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-EPEL-2026-6d455368fd Packages in this update:
  • chromium-147.0.7727.101-1.el10_3
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

chromium-147.0.7727.101-1.fc44

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-2026-ca6321e5f1 Packages in this update:
  • chromium-147.0.7727.101-1.fc44
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

chromium-147.0.7727.101-1.fc42

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-2026-3675ac2066 Packages in this update:
  • chromium-147.0.7727.101-1.fc42
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

Update to 147.0.7727.55

  • Critical CVE-2026-5858: Heap buffer overflow in WebML
  • Critical CVE-2026-5859: Integer overflow in WebML
  • High CVE-2026-5860: Use after free in WebRTC
  • High CVE-2026-5861: Use after free in V8
  • High CVE-2026-5862: Inappropriate implementation in V8
  • High CVE-2026-5863: Inappropriate implementation in V8
  • High CVE-2026-5864: Heap buffer overflow in WebAudio
  • High CVE-2026-5865: Type Confusion in V8
  • High CVE-2026-5866: Use after free in Media
  • High CVE-2026-5867: Heap buffer overflow in WebML
  • High CVE-2026-5868: Heap buffer overflow in ANGLE
  • High CVE-2026-5869: Heap buffer overflow in WebML
  • High CVE-2026-5870: Integer overflow in Skia
  • High CVE-2026-5871: Type Confusion in V8
  • High CVE-2026-5872: Use after free in Blink
  • High CVE-2026-5873: Out of bounds read and write in V8
  • Medium CVE-2026-5874: Use after free in PrivateAI
  • Medium CVE-2026-5875: Policy bypass in Blink
  • Medium CVE-2026-5876: Side-channel information leakage in Navigation
  • Medium CVE-2026-5877: Use after free in Navigation
  • Medium CVE-2026-5878: Incorrect security UI in Blink
  • Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
  • Medium CVE-2026-5880: Incorrect security UI in browser UI
  • Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
  • Medium CVE-2026-5882: Incorrect security UI in Fullscreen
  • Medium CVE-2026-5883: Use after free in Media
  • Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
  • Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
  • Medium CVE-2026-5886: Out of bounds read in WebAudio
  • Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
  • Medium CVE-2026-5888: Uninitialized Use in WebCodecs
  • Medium CVE-2026-5889: Cryptographic Flaw in PDFium
  • Medium CVE-2026-5890: Race in WebCodecs
  • Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
  • Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
  • Medium CVE-2026-5893: Race in V8
  • Low CVE-2026-5894: Inappropriate implementation in PDF
  • Low CVE-2026-5895: Incorrect security UI in Omnibox
  • Low CVE-2026-5896: Policy bypass in Audio
  • Low CVE-2026-5897: Incorrect security UI in Downloads
  • Low CVE-2026-5898: Incorrect security UI in Omnibox
  • Low CVE-2026-5899: Incorrect security UI in History Navigation
  • Low CVE-2026-5900: Policy bypass in Downloads
  • Low CVE-2026-5901: Policy bypass in DevTools
  • Low CVE-2026-5902: Race in Media
  • Low CVE-2026-5903: Policy bypass in IFrameSandbox
  • Low CVE-2026-5904: Use after free in V8
  • Low CVE-2026-5905: Incorrect security UI in Permissions
  • Low CVE-2026-5906: Incorrect security UI in Omnibox
  • Low CVE-2026-5907: Insufficient data validation in Media
  • Low CVE-2026-5908: Integer overflow in Media
  • Low CVE-2026-5909: Integer overflow in Media
  • Low CVE-2026-5910: Integer overflow in Media
  • Low CVE-2026-5911: Policy bypass in ServiceWorkers
  • Low CVE-2026-5912: Integer overflow in WebRTC
  • Low CVE-2026-5913: Out of bounds read in Blink
  • Low CVE-2026-5914: Type Confusion in CSS
  • Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
  • Low CVE-2026-5918: Inappropriate implementation in Navigation
  • Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets

Update to 146.0.7680.177

  • High CVE-2026-5273: Use after free in CSS
  • High CVE-2026-5272: Heap buffer overflow in GPU
  • High CVE-2026-5274: Integer overflow in Codecs
  • High CVE-2026-5275: Heap buffer overflow in ANGLE
  • High CVE-2026-5276: Insufficient policy enforcement in WebUSB
  • High CVE-2026-5277: Integer overflow in ANGLE
  • High CVE-2026-5278: Use after free in Web MIDI
  • High CVE-2026-5279: Object corruption in V8
  • High CVE-2026-5280: Use after free in WebCodecs
  • High CVE-2026-5281: Use after free in Dawn
  • High CVE-2026-5282: Out of bounds read in WebCodecs
  • High CVE-2026-5283: Inappropriate implementation in ANGLE
  • High CVE-2026-5284: Use after free in Dawn
  • High CVE-2026-5285: Use after free in WebGL
  • High CVE-2026-5286: Use after free in Dawn
  • High CVE-2026-5287: Use after free in PDF
  • High CVE-2026-5288: Use after free in WebView
  • High CVE-2026-5289: Use after free in Navigation
  • High CVE-2026-5290: Use after free in Compositing
  • Medium CVE-2026-5291: Inappropriate implementation in WebGL
  • Medium CVE-2026-5292: Out of bounds read in WebCodecs

chromium-147.0.7727.101-1.el10_1

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-EPEL-2026-f2ac7803f9 Packages in this update:
  • chromium-147.0.7727.101-1.el10_1
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

chromium-147.0.7727.101-1.el9

Fedora Security Advisories
4 hours 53 minutes ago
FEDORA-EPEL-2026-9ce82c1a41 Packages in this update:
  • chromium-147.0.7727.101-1.el9
Update description:

Update to 147.0.7727.101

  • Critical CVE-2026-6296: Heap buffer overflow in ANGLE
  • Critical CVE-2026-6297: Use after free in Proxy
  • Critical CVE-2026-6298: Heap buffer overflow in Skia
  • Critical CVE-2026-6299: Use after free in Prerender
  • Critical CVE-2026-6358: Use after free in XR
  • High CVE-2026-6359: Use after free in Video
  • High CVE-2026-6300: Use after free in CSS
  • High CVE-2026-6301: Type Confusion in Turbofan
  • High CVE-2026-6302: Use after free in Video
  • High CVE-2026-6303: Use after free in Codecs
  • High CVE-2026-6304: Use after free in Graphite
  • High CVE-2026-6305: Heap buffer overflow in PDFium
  • High CVE-2026-6306: Heap buffer overflow in PDFium
  • High CVE-2026-6307: Type Confusion in Turbofan
  • High CVE-2026-6308: Out of bounds read in Media
  • High CVE-2026-6309: Use after free in Viz
  • High CVE-2026-6360: Use after free in FileSystem
  • High CVE-2026-6310: Use after free in Dawn
  • High CVE-2026-6311: Uninitialized Use in Accessibility
  • High CVE-2026-6312: Insufficient policy enforcement in Passwords
  • High CVE-2026-6313: Insufficient policy enforcement in CORS
  • High CVE-2026-6314: Out of bounds write in GPU
  • High CVE-2026-6315: Use after free in Permissions
  • High CVE-2026-6316: Use after free in Forms
  • High CVE-2026-6361: Heap buffer overflow in PDFium
  • High CVE-2026-6362: Use after free in Codecs
  • High CVE-2026-6317: Use after free in Cast
  • Medium CVE-2026-6363: Type Confusion in V8
  • Medium CVE-2026-6318: Use after free in Codecs
  • Medium CVE-2026-6319: Use after free in Payments
  • Medium CVE-2026-6364: Out of bounds read in Skia

gum-0.17.0-3.fc44

Fedora Security Advisories
12 hours 17 minutes ago
FEDORA-2026-10cf6ce616 Packages in this update:
  • gum-0.17.0-3.fc44
Update description:

Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160.

coturn-4.10.0-1.el10_3

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-EPEL-2026-8022001aef Packages in this update:
  • coturn-4.10.0-1.el10_3
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default

coturn-4.10.0-1.fc42

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-2026-e673311164 Packages in this update:
  • coturn-4.10.0-1.fc42
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default

coturn-4.10.0-1.el10_1

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-EPEL-2026-63737a3630 Packages in this update:
  • coturn-4.10.0-1.el10_1
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default

coturn-4.10.0-1.fc44

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-2026-1c11dc3e37 Packages in this update:
  • coturn-4.10.0-1.fc44
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default

coturn-4.10.0-1.el9

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-EPEL-2026-e0c1b77ba1 Packages in this update:
  • coturn-4.10.0-1.el9
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default

coturn-4.10.0-1.el10_2

Fedora Security Advisories
14 hours 41 minutes ago
FEDORA-EPEL-2026-5e71b7731b Packages in this update:
  • coturn-4.10.0-1.el10_2
Update description: Coturn 4.10.0 Performance
  • Add Linux-only recvmmsg client receive path for DTLS/UDP listener
  • Skip response buffer allocation for STUN indications
  • Remove mutex from per-thread super_memory allocator
  • Eliminate mutex and reduce copies on auth message dispatch
  • Replace mutex_bps with lock-free atomics for bandwidth tracking
  • Remove unused mutex from ur_map structure
  • WebRTC Auth optimization path
  • Improve worst case scenario - avoid memory allocation
Memory issues
  • Fix null pointer dereferences in post_parse()
  • Fix stack buffer overflow in OAuth token decoding
  • Fix uint16_t truncation overflow in stun_get_message_len_str()
  • Initialize variables before use
Security
  • CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
General Improvements
  • Disable reason string in response messages to reduce amplification factor
  • Keep only NEV_UDP_SOCKET_PER_THREAD network engine
  • Replace perror with logging
  • Extend seed corpus and add more fuzzing scenarios
  • Update config and Readme files about deprecated TLSv1/1.1
  • Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
  • Change port identifiers to use uint16_t
  • Fixes: run_tests.sh and no db
  • Improve PostgreSQL.md clarity
  • Add session usage reporting callback to TURN database driver
  • CLI interface is disabled by default
Checked
48 minutes 15 seconds ago
URL
https://bodhi.fedoraproject.org/rss/updates/?type=security