Fedora Security Advisories

krita-6.0.2.1-1.fc45

4 hours 54 minutes ago
FEDORA-2026-4084e20f7e Packages in this update:
  • krita-6.0.2.1-1.fc45
Update description:

Automatic update for krita-6.0.2.1-1.fc45.

Changelog * Wed Jun 17 2026 Than Ngo <than@redhat.com> - 6.0.2.1-1 - Fix rhbz#2481429, Update to 6.0.2.1 - Fix rhbz#2476570, CVE-2026-42144: integer overflow in PNM size check bypasses memory guard

coturn-4.13.1-1.el10_2

18 hours 39 minutes ago
FEDORA-EPEL-2026-f33139a01c Packages in this update:
  • coturn-4.13.1-1.el10_2
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el8

18 hours 39 minutes ago
FEDORA-EPEL-2026-5fb0ce4f22 Packages in this update:
  • coturn-4.13.1-1.el8
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.fc43

18 hours 39 minutes ago
FEDORA-2026-c42d951aad Packages in this update:
  • coturn-4.13.1-1.fc43
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.fc44

18 hours 39 minutes ago
FEDORA-2026-dda1360c18 Packages in this update:
  • coturn-4.13.1-1.fc44
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el10_3

18 hours 39 minutes ago
FEDORA-EPEL-2026-69da7ab3e5 Packages in this update:
  • coturn-4.13.1-1.el10_3
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

coturn-4.13.1-1.el9

18 hours 39 minutes ago
FEDORA-EPEL-2026-48a6ee99c9 Packages in this update:
  • coturn-4.13.1-1.el9
Update description: Coturn 4.13.1 What's in this release
  • Security fixes
What's Changed
  • Null-terminate server_name in stun_is_challenge_response_str
  • Canonicalize all IPv4-in-IPv6 encodings before peer-IP checks
  • Auto-deny coturn's own database backend endpoints as relay peers
  • Deny link-local / ULA / site-local relay peers by default
Coturn 4.13.0 What's in this release
  • More performance improvements for --udp-recvmmsg and --multiplex-peer. If your system does not rely on TURN unique ports give multiplexing a try - it has capacity to dramatically increase performance.
  • Security fixes
What's Changed
  • Wrap atomic everywhere
  • Fix sendmmsg stride bug in multiplex-peer UDP batch flush
  • Reap TURN permissions/channels via a per-thread sweep instead of per-object timers
  • Add --udp-sendmmsg-log to observe egress sendmmsg/UDP-GSO batching
  • Expose recvmmsg/sendmmsg UDP batch sizes as Prometheus metrics
  • Restrict recvmmsg fast path to shared fan-in sockets (make --udp-recvmmsg useful standalone)
  • Enable --udp-recvmmsg by default on Linux
  • Security hardening: port parsing, admin brute-force throttle, credential log redaction, constant-time compare, OAuth bounds checks, permission cap
  • Add continuous latency mode to stunclient
  • Fix test_redis_format link failure
  • Fix configure MANPREFIX typo
  • Fix missing sqlite3 dependendcy
  • Fix UDP receive buffer ownership

strongswan-6.0.7-2.fc43

23 hours 52 minutes ago
FEDORA-2026-67a9805962 Packages in this update:
  • strongswan-6.0.7-2.fc43
Update description:

Addresses CVE-2026-47895 which is a theoretical RCE

Fixes CVE-2026-25075, CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

Update to address CVE-2025-9615 and CVE-2025-62291

util-linux-2.41.5-1.fc43

1 day ago
FEDORA-2026-a7ff7017ee Packages in this update:
  • util-linux-2.41.5-1.fc43
Update description:

upstream upgrade with security fixes:

  • CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount
  • CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy mount path
  • CVE-2026-53614 - libmount: fd_target TOCTOU prevention

util-linux-2.41.5-1.fc44

1 day ago
FEDORA-2026-c70cb96ff1 Packages in this update:
  • util-linux-2.41.5-1.fc44
Update description:

upstream upgrade with security fixes:

  • CVE-2026-53612 - libmount: TOCTOU attack via ancestor directory swap during mount
  • CVE-2026-53613 - libmount: SUID bypass via LIBMOUNT_FORCE_MOUNT2 and legacy mount path
  • CVE-2026-53614 - libmount: fd_target TOCTOU prevention
Checked
2 minutes 31 seconds ago