UbuntuUpdates.org

Package "coturn"

Name: coturn

Description:

TURN and STUN server for VoIP

Latest version: 4.5.0.7-1ubuntu2.18.10.1
Release: cosmic (18.10)
Level: security
Repository: universe
Homepage: https://github.com/coturn/coturn/

Links

Save this URL for the latest version of "coturn": https://www.ubuntuupdates.org/coturn


Download "coturn"


Other versions of "coturn" in Cosmic

Repository Area Version
base universe 4.5.0.7-1ubuntu2
updates universe 4.5.0.7-1ubuntu2.18.10.1

Changelog

Version: 4.5.0.7-1ubuntu2.18.10.1 2019-02-14 22:06:31 UTC

  coturn (4.5.0.7-1ubuntu2.18.10.1) cosmic-security; urgency=medium

  * [1328ae1] HotFix: for 3 Vulnerability.
    For more details see:
    - CVE-2018-4056 - coTURN Administrator Web Portal SQL injection vulnerability
    - CVE-2018-4058 - coTURN TURN server unsafe loopback forwarding default configuration vulnerability
    - CVE-2018-4059 - coTURN server unsafe telnet admin portal default configuration vulnerability
    These patches address hotfix the 3 CVE above.
    * Disable-Web-admin-interface-due-Security-Vulnerability.patch
    It disables hardcocded web admin interface until 4.5.1.0 where it will be fixed correctly.
    * Disable-loopback-peers-due-Vulnerability.patch
    Disable by default loopback-peer functionality.
    * empty-cli-password-not-allowed-disable-telnet-cli.patch
    Disable telnet cli if the cli-password is empty.

 -- Mészáros Mihály <email address hidden> Wed, 06 Feb 2019 14:56:38 +0100

CVE-2018-4056 An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a



About   -   Send Feedback to @ubuntu_updates