The following Fedora EPEL 8 Security updates need testing: Age URL 96 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2 xpdf-4.06-1.el8 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-82f07c2a59 apptainer-1.4.5-3.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ba6edda336 libmodbus-3.1.12-1.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

beakerlib-1.33.1-1.el8 coturn-4.9.0-1.el8 objfw-1.5.1-1.el8 openbao-2.5.1-1.el8 radicale-3.6.1-1.el8 valkey-8.0.7-1.el8 zork-1.0.3-12.el8

Details about builds:

================================================================================ beakerlib-1.33.1-1.el8 (FEDORA-EPEL-2026-751e8a94fd) A shell-level integration testing library -------------------------------------------------------------------------------- Update Information:

Automatic update for beakerlib-1.33.1-1.el8. Changelog for beakerlib * Tue Feb 24 2026 Dalibor Pospisil dapospis@redhat.com - 1.33.1 - updated the dnf/yum rpm dependencies, by yselkowitz -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2026 Dalibor Pospisil dapospis@redhat.com - 1.33.1 - updated the dnf/yum rpm dependencies, by yselkowitz --------------------------------------------------------------------------------

================================================================================ coturn-4.9.0-1.el8 (FEDORA-EPEL-2026-5537969548) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information:

Coturn 4.9.0 Multiple security fixes Fix to Web Admin password check Cleanup of deprecated OpenSSL APIs Fix for CVE-2026-27624: Bypass localhost and IP range block using IPv4-mapped IPv6 -------------------------------------------------------------------------------- ChangeLog:

* Wed Feb 25 2026 Robert Scheck robert@fedoraproject.org - 4.9.0-1 - Upgrade to 4.9.0 (#2442144) - Add patch to build successfully using OpenSSL 1.1.1 on RHEL 8 * Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 4.8.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jan 16 2026 Fedora Release Engineering releng@fedoraproject.org - 4.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2442144 - coturn-4.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442144 --------------------------------------------------------------------------------

================================================================================ objfw-1.5.1-1.el8 (FEDORA-EPEL-2026-e3147a9525) Portable, lightweight framework for the Objective-C language -------------------------------------------------------------------------------- Update Information:

Fixes a deadlock. Update to 1.5 -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2026 Jonathan Schleifer js@fedoraproject.org - 1.5.1-1 - Update to 1.5.1 * Sun Feb 22 2026 Jonathan Schleifer js@fedoraproject.org - 1.5-2 - Add CMake files to %files * Sun Feb 22 2026 Jonathan Schleifer js@fedoraproject.org - 1.5-1 - Update to 1.5 --------------------------------------------------------------------------------

================================================================================ openbao-2.5.1-1.el8 (FEDORA-EPEL-2026-514cb99c8f) A tool for securely accessing secrets -------------------------------------------------------------------------------- Update Information:

Update to upstream 2.5.1 Also fixes CVE-2025-58189, CVE-2025-61723, CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8. -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2026 Dave Dykstra 2129743+DrDaveD@users.noreply.github.com - 2.5.1-1 - update to upstream 2.5.1 * Wed Feb 4 2026 Dave Dykstra 2129743+DrDaveD@users.noreply.github.com - 2.5.0-1 - update to 2.5.0 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2407513 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation error contains attacker controlled information [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2407513 [ 2 ] Bug #2408542 - CVE-2025-61725 openbao: Excessive CPU consumption in ParseAddress in net/mail [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2408542 [ 3 ] Bug #2408965 - CVE-2025-61723 openbao: Quadratic complexity when parsing some invalid inputs in encoding/pem [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2408965 [ 4 ] Bug #2409907 - CVE-2025-58185 openbao: Parsing DER payload can cause memory exhaustion in encoding/asn1 [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2409907 [ 5 ] Bug #2410847 - CVE-2025-58188 openbao: Panic when validating certificates with DSA public keys in crypto/x509 [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2410847 [ 6 ] Bug #2412489 - CVE-2025-58183 openbao: Unbounded allocation when parsing GNU sparse map [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2412489 --------------------------------------------------------------------------------

================================================================================ radicale-3.6.1-1.el8 (FEDORA-EPEL-2026-cfc9e528b4) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information:

Update to 3.6.1 -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2026 Peter Bieringer pb@bieringer.de - 3.6.1-1 - Update to 3.6.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2442224 - radicale-3.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2442224 --------------------------------------------------------------------------------

================================================================================ valkey-8.0.7-1.el8 (FEDORA-EPEL-2026-6587a55db1) A persistent key-value database -------------------------------------------------------------------------------- Update Information:

Valkey 8.0.7 - Released Mon 23 February 2026 Upgrade urgency SECURITY: This release includes security fixes we recommend you apply as soon as possible. Security fixes (CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message (CVE-2025-67733) RESP Protocol Injection via Lua error_reply Bug fixes Fix ltrim should not call signalModifiedKey when no elements are removed (#2787) Fix chained replica crash when doing dual channel replication (#2983) Fix used_memory_dataset underflow due to miscalculated used_memory_overhead (#3005) Avoids crash during MODULE UNLOAD when ACL rules reference a module command and subcommand (#3160) Fix server assert on ACL LOAD and resetchannels (#3182) Fix bug causing no response flush sometimes when IO threads are busy (#3205) -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 24 2026 Remi Collet remi@fedoraproject.org - 8.0.7-1 - Valkey 8.0.7 - Released Mon 23 February 2026 - Upgrade urgency SECURITY: This release includes security fixes -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2442219 - CVE-2025-67733 valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442219 [ 2 ] Bug #2442230 - CVE-2026-21863 valkey: Valkey: Denial of Service via invalid clusterbus packet [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2442230 --------------------------------------------------------------------------------

================================================================================ zork-1.0.3-12.el8 (FEDORA-EPEL-2026-9798056063) Public Domain original DUNGEON game (AKA, Zork) -------------------------------------------------------------------------------- Update Information:

Fix FTBFS. Thanks @limb for the hotfix. -------------------------------------------------------------------------------- ChangeLog:

* Sun Feb 22 2026 Justin Wheeler jwheel@fedoraproject.org - 1.0.3-12 - Fix FTBFS. Thanks @limb for the hotfix. - Upstream work ongoing for improved support with newer versions of the C programming language and compilers. * Sat Jan 17 2026 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Fri Jul 25 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Jan 19 2025 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sat Jul 20 2024 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sat Jan 27 2024 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sat Jul 22 2023 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 1.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------