Fedora has issued an advisory on March 4: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37LHFMZ3OPUJRL3DZ3WVCJ7FO62HMVUT/
Fixed by https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b (4.9.0)
Flags: (none) => affects_mga9+CVE: (none) => CVE-2026-27624Whiteboard: (none) => MGA9TOOSource RPM: (none) => coturn-4.8.0-1.mga10.src.rpm, coturn-4.6.2-1.mga9.src.rpmStatus comment: (none) => Fixed upstream in 4.9.0 and patch available from upstream
For Cauldron, I asked for a freeze move. Suggested advisory: ======================== The updated package fixes a security vulnerability: IPv4-mapped IPv6 (::ffff:0:0/96) bypasses denied-peer-ip ACL. (CVE-2026-27624) References: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37LHFMZ3OPUJRL3DZ3WVCJ7FO62HMVUT/ ======================== Updated package in core/updates_testing: ======================== coturn-4.6.2-1.1.mga9 from SRPM: coturn-4.6.2-1.1.mga9.src.rpm
Status: NEW => ASSIGNEDVersion: Cauldron => 9Source RPM: coturn-4.8.0-1.mga10.src.rpm, coturn-4.6.2-1.mga9.src.rpm => coturn-4.6.2-1.mga9.src.rpmStatus comment: Fixed upstream in 4.9.0 and patch available from upstream => (none)Flags: affects_mga9+ => (none)Assignee: bugsquad => qa-bugsWhiteboard: MGA9TOO => (none)
MGA9-64 server Plasma Wayland on Compaq H000SB No installation issues. Ref bug 26879 # systemctl -l status turnserver ○ turnserver.service - coturn Loaded: loaded (/usr/lib/systemd/system/turnserver.service; disabled; preset: disabled) Active: inactive (dead) Docs: man:coturn(1) man:turnadmin(1) man:turnserver(1) # systemctl start turnserver # systemctl -l status turnserver ● turnserver.service - coturn Loaded: loaded (/usr/lib/systemd/system/turnserver.service; disabled; preset: disabled) Active: active (running) since Fri 2026-03-06 10:33:35 CET; 17s ago Docs: man:coturn(1) man:turnadmin(1) man:turnserver(1) Main PID: 18481 (turnserver) Tasks: 9 (limit: 8805) Memory: 5.0M CPU: 11.567s CGroup: /system.slice/turnserver.service └─18481 /usr/bin/turnserver -c /etc/turnserver/turnserver.conf Mar 06 10:33:35 mach3.hviaene.thuis systemd[1]: Starting turnserver.service... Mar 06 10:33:35 mach3.hviaene.thuis systemd[1]: Started turnserver.service. $ netstat -nl | grep 3478 tcp 0 0 192.168.2.3:3478 0.0.0.0:* LISTEN tcp 0 0 192.168.2.3:3478 0.0.0.0:* LISTEN tcp 0 0 192.168.2.3:3478 0.0.0.0:* LISTEN tcp 0 0 192.168.2.3:3478 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3478 0.0.0.0:* LISTEN tcp6 0 0 ::1:3478 :::* LISTEN tcp6 0 0 ::1:3478 :::* LISTEN tcp6 0 0 ::1:3478 :::* LISTEN tcp6 0 0 ::1:3478 :::* LISTEN tcp6 0 0 fd00::baee:65ff:fe:3478 :::* LISTEN tcp6 0 0 fd00::baee:65ff:fe:3478 :::* LISTEN tcp6 0 0 fd00::baee:65ff:fe:3478 :::* LISTEN tcp6 0 0 fd00::baee:65ff:fe:3478 :::* LISTEN udp 0 0 192.168.2.3:3478 0.0.0.0:* udp 0 0 192.168.2.3:3478 0.0.0.0:* udp 0 0 192.168.2.3:3478 0.0.0.0:* udp 0 0 192.168.2.3:3478 0.0.0.0:* udp 0 0 127.0.0.1:3478 0.0.0.0:* udp 0 0 127.0.0.1:3478 0.0.0.0:* udp 0 0 127.0.0.1:3478 0.0.0.0:* udp 0 0 127.0.0.1:3478 0.0.0.0:* udp6 0 0 ::1:3478 :::* udp6 0 0 ::1:3478 :::* udp6 0 0 ::1:3478 :::* udp6 0 0 ::1:3478 :::* udp6 0 0 fd00::baee:65ff:fe:3478 :::* udp6 0 0 fd00::baee:65ff:fe:3478 :::* udp6 0 0 fd00::baee:65ff:fe:3478 :::* udp6 0 0 fd00::baee:65ff:fe:3478 :::* [tester9@mach3 ~]$ telnet 192.168.2.3 3478 Trying 192.168.2.3... Connected to mach3.hviaene.thuis (192.168.2.3). Escape character is '^]'. OK to go.
Flags: (none) => test_passed_mga9_64+Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
CC: (none) => andrewsfarmKeywords: (none) => advisory
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2026-0051.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED