UbuntuUpdates.org

Package "coturn"

Name: coturn

Description:

TURN and STUN server for VoIP

Latest version: 4.5.1.1-1.1ubuntu0.20.04.2
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://github.com/coturn/coturn/

Other versions of "coturn" in Focal

Repository Area Version
base universe 4.5.1.1-1.1build2
updates universe 4.5.1.1-1.1ubuntu0.20.04.2

Changelog

Version: 4.5.1.1-1.1ubuntu0.20.04.2 2021-01-11 15:07:09 UTC

  coturn (4.5.1.1-1.1ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Unsafe loopback interface
    - debian/patches/CVE-2020-26262.patch: Add check if address is in
      0.0.0.0/8 or ::/128.
    - CVE-2020-26262

 -- Mészáros Mihály <email address hidden> Mon, 14 Dec 2020 14:50:15 +0100

Version: 4.5.1.1-1.1ubuntu0.20.04.1 2020-07-06 19:06:53 UTC

  coturn (4.5.1.1-1.1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
    - debian/patches/CVE-2020-6061.patch: Fix overflow
    - CVE-2020-6061
  * SECURITY UPDATE: DoS when parsing certain HTTP POST request
    - debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
    - CVE-2020-6062
  * SECURITY UPDATE: Information leak between different client connections
    - debian/patches/CVE-2020-4067.patch: initialize with zero any new or
      reused stun buffers
    - CVE-2020-4067

 -- Eduardo Barretto <email address hidden> Thu, 02 Jul 2020 10:34:50 -0300

CVE-2020-6061 An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request ca
CVE-2020-6062 An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST reques
CVE-2020-4067 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information bet


