libcoap-4.3.5b-1.fc44
FEDORA-2026-148e35657a
Packages in this update:
- libcoap-4.3.5b-1.fc44
Update to 4.3.5b
Fedora Security Advisories
libcoap-4.3.5b-1.fc43
FEDORA-2026-0ce923a09d
Packages in this update:
- libcoap-4.3.5b-1.fc43
Update to 4.3.5b
libcoap-4.3.5b-1.fc42
FEDORA-2026-a8ee24f019
Packages in this update:
- libcoap-4.3.5b-1.fc42
Update to 4.3.5b
chromium-147.0.7727.101-1.fc43
FEDORA-2026-d3c82235d4
Packages in this update:
- chromium-147.0.7727.101-1.fc43
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
chromium-147.0.7727.101-1.el10_2
FEDORA-EPEL-2026-c7fa5f9be3
Packages in this update:
- chromium-147.0.7727.101-1.el10_2
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
chromium-147.0.7727.101-1.el10_3
FEDORA-EPEL-2026-6d455368fd
Packages in this update:
- chromium-147.0.7727.101-1.el10_3
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
chromium-147.0.7727.101-1.fc44
FEDORA-2026-ca6321e5f1
Packages in this update:
- chromium-147.0.7727.101-1.fc44
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
chromium-147.0.7727.101-1.fc42
FEDORA-2026-3675ac2066
Packages in this update:
- chromium-147.0.7727.101-1.fc42
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
Update to 147.0.7727.55
- Critical CVE-2026-5858: Heap buffer overflow in WebML
- Critical CVE-2026-5859: Integer overflow in WebML
- High CVE-2026-5860: Use after free in WebRTC
- High CVE-2026-5861: Use after free in V8
- High CVE-2026-5862: Inappropriate implementation in V8
- High CVE-2026-5863: Inappropriate implementation in V8
- High CVE-2026-5864: Heap buffer overflow in WebAudio
- High CVE-2026-5865: Type Confusion in V8
- High CVE-2026-5866: Use after free in Media
- High CVE-2026-5867: Heap buffer overflow in WebML
- High CVE-2026-5868: Heap buffer overflow in ANGLE
- High CVE-2026-5869: Heap buffer overflow in WebML
- High CVE-2026-5870: Integer overflow in Skia
- High CVE-2026-5871: Type Confusion in V8
- High CVE-2026-5872: Use after free in Blink
- High CVE-2026-5873: Out of bounds read and write in V8
- Medium CVE-2026-5874: Use after free in PrivateAI
- Medium CVE-2026-5875: Policy bypass in Blink
- Medium CVE-2026-5876: Side-channel information leakage in Navigation
- Medium CVE-2026-5877: Use after free in Navigation
- Medium CVE-2026-5878: Incorrect security UI in Blink
- Medium CVE-2026-5879: Insufficient validation of untrusted input in ANGLE
- Medium CVE-2026-5880: Incorrect security UI in browser UI
- Medium CVE-2026-5881: Policy bypass in LocalNetworkAccess
- Medium CVE-2026-5882: Incorrect security UI in Fullscreen
- Medium CVE-2026-5883: Use after free in Media
- Medium CVE-2026-5884: Insufficient validation of untrusted input in Media
- Medium CVE-2026-5885: Insufficient validation of untrusted input in WebML
- Medium CVE-2026-5886: Out of bounds read in WebAudio
- Medium CVE-2026-5887: Insufficient validation of untrusted input in Downloads
- Medium CVE-2026-5888: Uninitialized Use in WebCodecs
- Medium CVE-2026-5889: Cryptographic Flaw in PDFium
- Medium CVE-2026-5890: Race in WebCodecs
- Medium CVE-2026-5891: Insufficient policy enforcement in browser UI
- Medium CVE-2026-5892: Insufficient policy enforcement in PWAs
- Medium CVE-2026-5893: Race in V8
- Low CVE-2026-5894: Inappropriate implementation in PDF
- Low CVE-2026-5895: Incorrect security UI in Omnibox
- Low CVE-2026-5896: Policy bypass in Audio
- Low CVE-2026-5897: Incorrect security UI in Downloads
- Low CVE-2026-5898: Incorrect security UI in Omnibox
- Low CVE-2026-5899: Incorrect security UI in History Navigation
- Low CVE-2026-5900: Policy bypass in Downloads
- Low CVE-2026-5901: Policy bypass in DevTools
- Low CVE-2026-5902: Race in Media
- Low CVE-2026-5903: Policy bypass in IFrameSandbox
- Low CVE-2026-5904: Use after free in V8
- Low CVE-2026-5905: Incorrect security UI in Permissions
- Low CVE-2026-5906: Incorrect security UI in Omnibox
- Low CVE-2026-5907: Insufficient data validation in Media
- Low CVE-2026-5908: Integer overflow in Media
- Low CVE-2026-5909: Integer overflow in Media
- Low CVE-2026-5910: Integer overflow in Media
- Low CVE-2026-5911: Policy bypass in ServiceWorkers
- Low CVE-2026-5912: Integer overflow in WebRTC
- Low CVE-2026-5913: Out of bounds read in Blink
- Low CVE-2026-5914: Type Confusion in CSS
- Low CVE-2026-5915: Insufficient validation of untrusted input in WebML
- Low CVE-2026-5918: Inappropriate implementation in Navigation
- Low CVE-2026-5919: Insufficient validation of untrusted input in WebSockets
Update to 146.0.7680.177
- High CVE-2026-5273: Use after free in CSS
- High CVE-2026-5272: Heap buffer overflow in GPU
- High CVE-2026-5274: Integer overflow in Codecs
- High CVE-2026-5275: Heap buffer overflow in ANGLE
- High CVE-2026-5276: Insufficient policy enforcement in WebUSB
- High CVE-2026-5277: Integer overflow in ANGLE
- High CVE-2026-5278: Use after free in Web MIDI
- High CVE-2026-5279: Object corruption in V8
- High CVE-2026-5280: Use after free in WebCodecs
- High CVE-2026-5281: Use after free in Dawn
- High CVE-2026-5282: Out of bounds read in WebCodecs
- High CVE-2026-5283: Inappropriate implementation in ANGLE
- High CVE-2026-5284: Use after free in Dawn
- High CVE-2026-5285: Use after free in WebGL
- High CVE-2026-5286: Use after free in Dawn
- High CVE-2026-5287: Use after free in PDF
- High CVE-2026-5288: Use after free in WebView
- High CVE-2026-5289: Use after free in Navigation
- High CVE-2026-5290: Use after free in Compositing
- Medium CVE-2026-5291: Inappropriate implementation in WebGL
- Medium CVE-2026-5292: Out of bounds read in WebCodecs
chromium-147.0.7727.101-1.el10_1
FEDORA-EPEL-2026-f2ac7803f9
Packages in this update:
- chromium-147.0.7727.101-1.el10_1
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
chromium-147.0.7727.101-1.el9
FEDORA-EPEL-2026-9ce82c1a41
Packages in this update:
- chromium-147.0.7727.101-1.el9
Update to 147.0.7727.101
- Critical CVE-2026-6296: Heap buffer overflow in ANGLE
- Critical CVE-2026-6297: Use after free in Proxy
- Critical CVE-2026-6298: Heap buffer overflow in Skia
- Critical CVE-2026-6299: Use after free in Prerender
- Critical CVE-2026-6358: Use after free in XR
- High CVE-2026-6359: Use after free in Video
- High CVE-2026-6300: Use after free in CSS
- High CVE-2026-6301: Type Confusion in Turbofan
- High CVE-2026-6302: Use after free in Video
- High CVE-2026-6303: Use after free in Codecs
- High CVE-2026-6304: Use after free in Graphite
- High CVE-2026-6305: Heap buffer overflow in PDFium
- High CVE-2026-6306: Heap buffer overflow in PDFium
- High CVE-2026-6307: Type Confusion in Turbofan
- High CVE-2026-6308: Out of bounds read in Media
- High CVE-2026-6309: Use after free in Viz
- High CVE-2026-6360: Use after free in FileSystem
- High CVE-2026-6310: Use after free in Dawn
- High CVE-2026-6311: Uninitialized Use in Accessibility
- High CVE-2026-6312: Insufficient policy enforcement in Passwords
- High CVE-2026-6313: Insufficient policy enforcement in CORS
- High CVE-2026-6314: Out of bounds write in GPU
- High CVE-2026-6315: Use after free in Permissions
- High CVE-2026-6316: Use after free in Forms
- High CVE-2026-6361: Heap buffer overflow in PDFium
- High CVE-2026-6362: Use after free in Codecs
- High CVE-2026-6317: Use after free in Cast
- Medium CVE-2026-6363: Type Confusion in V8
- Medium CVE-2026-6318: Use after free in Codecs
- Medium CVE-2026-6319: Use after free in Payments
- Medium CVE-2026-6364: Out of bounds read in Skia
gum-0.17.0-3.el10_3
FEDORA-EPEL-2026-5f723f26cd
Packages in this update:
- gum-0.17.0-3.el10_3
Update from version 0.16.1 to version 0.17.0. This update also resolves CVE-2025-47906 and CVE-2026-5160.
gum-0.17.0-3.fc44
FEDORA-2026-10cf6ce616
Packages in this update:
- gum-0.17.0-3.fc44
Update vendored goldmark to 1.7.17 to resolve CVE-2026-5160.
gum-0.16.1-2.fc42
FEDORA-2026-bebf3b0544
Packages in this update:
- gum-0.16.1-2.fc42
Rebuild with latest golang to resolve CVE-2025-47906.
coturn-4.10.0-1.el10_3
FEDORA-EPEL-2026-8022001aef
Packages in this update:
- coturn-4.10.0-1.el10_3
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.fc42
FEDORA-2026-e673311164
Packages in this update:
- coturn-4.10.0-1.fc42
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.el10_1
FEDORA-EPEL-2026-63737a3630
Packages in this update:
- coturn-4.10.0-1.el10_1
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.fc44
FEDORA-2026-1c11dc3e37
Packages in this update:
- coturn-4.10.0-1.fc44
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.el9
FEDORA-EPEL-2026-e0c1b77ba1
Packages in this update:
- coturn-4.10.0-1.el9
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.el10_2
FEDORA-EPEL-2026-5e71b7731b
Packages in this update:
- coturn-4.10.0-1.el10_2
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default
coturn-4.10.0-1.fc43
FEDORA-2026-1adc5f1ef8
Packages in this update:
- coturn-4.10.0-1.fc43
- Add Linux-only recvmmsg client receive path for DTLS/UDP listener
- Skip response buffer allocation for STUN indications
- Remove mutex from per-thread super_memory allocator
- Eliminate mutex and reduce copies on auth message dispatch
- Replace mutex_bps with lock-free atomics for bandwidth tracking
- Remove unused mutex from ur_map structure
- WebRTC Auth optimization path
- Improve worst case scenario - avoid memory allocation
- Fix null pointer dereferences in post_parse()
- Fix stack buffer overflow in OAuth token decoding
- Fix uint16_t truncation overflow in stun_get_message_len_str()
- Initialize variables before use
- CVE-2026-40613 Misaligned Memory Access STUN Attribute Parser
- Disable reason string in response messages to reduce amplification factor
- Keep only NEV_UDP_SOCKET_PER_THREAD network engine
- Replace perror with logging
- Extend seed corpus and add more fuzzing scenarios
- Update config and Readme files about deprecated TLSv1/1.1
- Restore RFC 3489 (old STUN) backward compatibility broken since 4.7.0
- Change port identifiers to use uint16_t
- Fixes: run_tests.sh and no db
- Improve PostgreSQL.md clarity
- Add session usage reporting callback to TURN database driver
- CLI interface is disabled by default