Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Mageia: 2020-0287 Moderate: coturn Information Leak Update

mageia
Calendar Grey July 10, 2020
Dist Mageia Esm H88
Revisions to coturn packages address a security vulnerability in Mageia, impacting versions prior to 4.5.1.3 and leading to potential data breaches.
The updated package fixes a security vulnerability: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly

Summary

The updated package fixes a security vulnerability:
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. (CVE-2020-4067)

References

- https://bugs.mageia.org/show_bug.cgi?id=26879

- https://lists.debian.org/debian-security-announce/2020/msg00115.html

- https://www.cve.org/CVERecord?id=CVE-2020-4067

Topics%20covered

Topics Covered

security advisory security issue information leak update Mageia coturn

Resolution

SRPMS

- 7/core/coturn-4.5.0.7-2.4.mga7

Publication date: 10 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0287.html
Type: security
CVE: CVE-2020-4067

Topics%20covered

Topics Covered

security advisory security issue information leak update Mageia coturn

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here