UbuntuUpdates.org

Package "coturn"

Name: coturn

Description:

TURN and STUN server for VoIP

Latest version: 4.5.1.1-1.1ubuntu0.20.04.1
Release: focal (20.04)
Level: security
Repository: universe
Homepage: https://github.com/coturn/coturn/

Links


Download "coturn"


Other versions of "coturn" in Focal

Repository Area Version
base universe 4.5.1.1-1.1build2
updates universe 4.5.1.1-1.1ubuntu0.20.04.1

Changelog

Version: 4.5.1.1-1.1ubuntu0.20.04.1 2020-07-06 19:06:53 UTC

  coturn (4.5.1.1-1.1ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
    - debian/patches/CVE-2020-6061.patch: Fix overflow
    - CVE-2020-6061
  * SECURITY UPDATE: DoS when parsing certain HTTP POST request
    - debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
    - CVE-2020-6062
  * SECURITY UPDATE: Information leak between different client connections
    - debian/patches/CVE-2020-4067.patch: initialize with zero any new or
      reused stun buffers
    - CVE-2020-4067

 -- Eduardo Barretto <email address hidden> Thu, 02 Jul 2020 10:34:50 -0300

CVE-2020-6061 An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request ca
CVE-2020-6062 An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST reques
CVE-2020-4067 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information bet



About   -   Send Feedback to @ubuntu_updates