-
coturn (4.5.0.7-1ubuntu2.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Unsafe loopback interface
- debian/patches/CVE-2020-26262.patch: Add check if address is in
0.0.0.0/8 or ::/128.
- CVE-2020-26262
-- Mészáros Mihály <email address hidden> Mon, 14 Dec 2020 14:50:15 +0100
-
coturn (4.5.0.7-1ubuntu2.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
- debian/patches/CVE-2020-6061.patch: Fix overflow
- CVE-2020-6061
* SECURITY UPDATE: DoS when parsing certain HTTP POST request
- debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
- CVE-2020-6062
* SECURITY UPDATE: Information leak between different client connections
- debian/patches/CVE-2020-4067.patch: initialize with zero any new or
reused stun buffers
- CVE-2020-4067
-- Eduardo Barretto <email address hidden> Thu, 02 Jul 2020 12:49:53 -0300
-
coturn (4.5.0.7-1ubuntu2.18.04.1) bionic-security; urgency=medium
* [1328ae1] HotFix: for 3 Vulnerability.
For more details see:
- CVE-2018-4056 - coTURN Administrator Web Portal SQL injection vulnerability
- CVE-2018-4058 - coTURN TURN server unsafe loopback forwarding default configuration vulnerability
- CVE-2018-4059 - coTURN server unsafe telnet admin portal default configuration vulnerability
These patches address hotfix the 3 CVE above.
* Disable-Web-admin-interface-due-Security-Vulnerability.patch
It disables hardcocded web admin interface until 4.5.1.0 where it will be fixed correctly.
* Disable-loopback-peers-due-Vulnerability.patch
Disable by default loopback-peer functionality.
* empty-cli-password-not-allowed-disable-telnet-cli.patch
Disable telnet cli if the cli-password is empty.
-- Mészáros Mihály <email address hidden> Wed, 06 Feb 2019 14:56:38 +0100
-
coturn (4.5.0.7-1ubuntu2) bionic; urgency=high
* No change rebuild against openssl1.1.
-- Dimitri John Ledkov <email address hidden> Tue, 06 Feb 2018 12:41:30 +0000
-
coturn (4.5.0.7-1ubuntu1) bionic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Dont run the testsuite on armhf for now as random segfaults occur on a
clean chroot.
coturn (4.5.0.7-1) unstable; urgency=medium
* Sync to upstream 4.5.0.7
-- Bhavani Shankar <email address hidden> Tue, 12 Dec 2017 21:59:23 +0530
-
coturn (4.5.0.6-1ubuntu2) artful; urgency=medium
* No-change rebuild against libevent-core-2.1-6
-- Steve Langasek <email address hidden> Mon, 31 Jul 2017 01:27:29 +0000