UbuntuUpdates.org

Package "coturn"

Name: coturn

Description:

TURN and STUN server for VoIP
Latest version: 4.5.0.3-1ubuntu0.4
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: https://github.com/coturn/coturn/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "coturn"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "coturn" in Xenial

Repository Area Version
base universe 4.5.0.3-1build1
updates universe 4.5.0.3-1ubuntu0.4

Changelog

Version: 4.5.0.3-1ubuntu0.4 2021-01-11 15:07:04 UTC

  coturn (4.5.0.3-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe loopback interface
    - debian/patches/CVE-2020-26262.patch: Add check if address is in
      0.0.0.0/8 or ::/128.
    - CVE-2020-26262

 -- Mészáros Mihály <email address hidden> Mon, 14 Dec 2020 14:50:15 +0100
Source diff to previous version

Version: 4.5.0.3-1ubuntu0.3 2020-07-06 20:06:24 UTC

  coturn (4.5.0.3-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
    - debian/patches/CVE-2020-6061.patch: Fix overflow
    - CVE-2020-6061
  * SECURITY UPDATE: DoS when parsing certain HTTP POST request
    - debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
    - CVE-2020-6062
  * SECURITY UPDATE: Information leak between different client connections
    - debian/patches/CVE-2020-4067.patch: initialize with zero any new or
      reused stun buffers
    - CVE-2020-4067

 -- Eduardo Barretto <email address hidden> Thu, 02 Jul 2020 12:51:17 -0300
Source diff to previous version
CVE-2020-6061 An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request ca
CVE-2020-6062 An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST reques
CVE-2020-4067 In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information bet

Version: 4.5.0.3-1ubuntu0.2 2019-02-14 22:06:27 UTC

  coturn (4.5.0.3-1ubuntu0.2) xenial-security; urgency=medium

  * Disable autotests on armhf for now as tests segfault (when tried
    multiple times).

 -- Eduardo Barretto <email address hidden> Thu, 14 Feb 2019 15:36:33 -0200


About   -   Send Feedback to @ubuntu_updates