zabbix7.0-7.0.26-1.el8
FEDORA-EPEL-2026-2231087f23
Packages in this update:
- zabbix7.0-7.0.26-1.el8
Update to 7.0.26
Fedora Security Advisories
zabbix7.0-7.0.26-1.el10_3
FEDORA-EPEL-2026-c40a843b1e
Packages in this update:
- zabbix7.0-7.0.26-1.el10_3
Update to 7.0.26
zabbix7.0-7.0.26-1.el10_1
FEDORA-EPEL-2026-7ac763fa4a
Packages in this update:
- zabbix7.0-7.0.26-1.el10_1
Update to 7.0.26
zabbix6.0-6.0.46-1.el8
FEDORA-EPEL-2026-f027656c88
Packages in this update:
- zabbix6.0-6.0.46-1.el8
Update to 6.0.46
libgit2_1.9-1.9.3-1.el10_3 nix-2.31.5-1.el10_3
FEDORA-EPEL-2026-bc4da63b7d
Packages in this update:
- libgit2_1.9-1.9.3-1.el10_3
- nix-2.31.5-1.el10_3
- Update nix to version 2.31.5: fixes https://github.com/NixOS/nix/security/advisories/GHSA-vh5x-56v6-4368
- Initial import of a package for libgit2 v1.9.
pgbouncer-1.25.2-1.el10_2
FEDORA-EPEL-2026-7318ce33f7
Packages in this update:
- pgbouncer-1.25.2-1.el10_2
Update to 1.25.2.
pgbouncer-1.25.2-1.fc42
FEDORA-2026-cf2ba5b766
Packages in this update:
- pgbouncer-1.25.2-1.fc42
Update to 1.25.2.
pgbouncer-1.25.2-1.fc44
FEDORA-2026-d3d959a176
Packages in this update:
- pgbouncer-1.25.2-1.fc44
Update to 1.25.2.
pgbouncer-1.25.2-1.fc43
FEDORA-2026-fad57ac86d
Packages in this update:
- pgbouncer-1.25.2-1.fc43
Update to 1.25.2.
pgbouncer-1.25.2-1.el10_3
FEDORA-EPEL-2026-1f33c80992
Packages in this update:
- pgbouncer-1.25.2-1.el10_3
Update to 1.25.2.
pgbouncer-1.25.2-1.el9
FEDORA-EPEL-2026-68c1078728
Packages in this update:
- pgbouncer-1.25.2-1.el9
Update to 1.25.2.
pgbouncer-1.25.2-1.el10_1
FEDORA-EPEL-2026-b71cd02867
Packages in this update:
- pgbouncer-1.25.2-1.el10_1
Update to 1.25.2.
libmetal-2026.04.0-2.fc44 open-amp-2026.04.0-1.fc44
FEDORA-2026-c618807faa
Packages in this update:
- libmetal-2026.04.0-2.fc44
- open-amp-2026.04.0-1.fc44
Update to 2026.04.0
coturn-4.11.0-1.el10_1
FEDORA-EPEL-2026-8d74a3f689
Packages in this update:
- coturn-4.11.0-1.el10_1
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.fc43
FEDORA-2026-f0fbd93125
Packages in this update:
- coturn-4.11.0-1.fc43
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.fc42
FEDORA-2026-dfa8ea5809
Packages in this update:
- coturn-4.11.0-1.fc42
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.el10_2
FEDORA-EPEL-2026-c9267b6791
Packages in this update:
- coturn-4.11.0-1.el10_2
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.el8
FEDORA-EPEL-2026-f90771ac28
Packages in this update:
- coturn-4.11.0-1.el8
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.fc44
FEDORA-2026-3b3139882c
Packages in this update:
- coturn-4.11.0-1.fc44
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs
coturn-4.11.0-1.el9
FEDORA-EPEL-2026-03f0bea6c6
Packages in this update:
- coturn-4.11.0-1.el9
- Fix prometheus response memory leak introduced in 4.10.0
- Use constant-time compare for STUN MESSAGE-INTEGRITY HMAC
- Fix format-string injection in Redis DB driver
- Abort on malformed allowed/denied-peer-ip at startup
- Pin session origin only after MESSAGE-INTEGRITY validates
- Fix build failure: define _GNU_SOURCE for recvmmsg() on Linux
- Drop udp_relay_servers_number config and clean up dead UDP id-space
- Add Unity-based unit test scaffolding
- Delete log line per relay thread on start
- Out of bound HTTP detection in parser
- Extend STUN client fuzz builder coverage
- Extend fuzzing coverage and enable local fuzzing in a container
- Cover all public stun_buffer.c wrappers in FuzzStunClient
- HTTP parsing fixes
- Unblock fuzz coverage for is_http and rare STUN attributes
- Seed address-mapping table in fuzz initializer
- Add deterministic challenge-response builder to FuzzStun
- Add fuzz coverage for integrity helpers
- Hoist turn_server_get_engine() out of per-packet hot path
- Inline addr_cpy() in the header
- Trim two redundant checks from per-packet relay hot path
- Inline get_ioa_addr_len() in the header
- Cache hot lookups in TURN data-path handlers
- Load generator mode in turnutils_uclient
- Filc harness and pointer typedefs