openSUSE 15.2: 2020:0937-1 Moderate: coturn Binding Port Issue
opensuse
July 7, 2020
An update that fixes one vulnerability is now available.
Description
This update for coturn fixes the following issues:
Version 4.5.1.3:
* Remove reference to SSLv3: gh#coturn/coturn#566
* Ignore MD5 for BoringSSL: gh#coturn/coturn#579
* STUN response buffer not initialized properly; he issue found and
reported gh#coturn/coturn#583 by Felix Dörre all credits belongs to
him. CVE-2020-4067, boo#1173510
- Let coturn allow binding to ports below 1024 per default
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-937=1
Package List
- openSUSE Leap 15.2 (x86_64):
coturn-4.5.1.3-lp152.2.3.1
coturn-debuginfo-4.5.1.3-lp152.2.3.1
coturn-debugsource-4.5.1.3-lp152.2.3.1
coturn-devel-4.5.1.3-lp152.2.3.1
coturn-utils-4.5.1.3-lp152.2.3.1
coturn-utils-debuginfo-4.5.1.3-lp152.2.3.1
References
https://www.suse.com/security/cve/CVE-2020-4067.html
https://bugzilla.suse.com/1173510
--
PREVIOUS
NEXT
Announcement ID: openSUSE-SU-2020:0937-1
Rating: moderate
Affected Products:
openSUSE Leap 15.2
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!