Thank you for subscribing to the LinuxSecurity Linux Advisory Watch newsletter! Staying on top of the latest security advisories issued by the distro(s) you use is essential in maintaining an updated, secure Linux system. Our weekly newsletter is an easy, convenient way to track distribution security advisories - helping you keep your Linux environment safe from malware and other exploits.


Important advisories issued this week include a warning from ArchLinux of multiple issues with freerdp and critical CentOS 6 and CentOS 7 Firefox updates mitigating multiple serious vulnerabilities in the popular web browser. Continue reading to learn about other significant advisories issued this week. Stay healthy, safe and secure - both on and offline!


LinuxSecurity.com Feature Extras:

Apache SpamAssassin Leads A Growing List of Open-Source Projects Taking Steps to Correct Instances of Racism and White Privilege - Over the past few weeks, a heated debate has arisen on the Apache SpamAssassin users list regarding the replacement of racially charged terms like whitelist and blacklist used in the Apache SpamAssassin Project's code with more inclusive language. Certain community members have been very supportive of Apache SpamAssassin's efforts to remove racially insensitive language from the project, while others have loudly voiced their disapproval.

Top Tips for Securing Your Linux System in 2020 - Linux servers are at greater risk than ever. While only a few years ago Linux users could count themselves as the lucky few who didn't have to worry about malware and computer viruses, this era has unfortunately come to an end. Attackers now view Linux servers as a viable target that often provides a valuable return on investment. In March of 2018, 15,762 new Linux malware variants were developed - a significant increase from the 4,706 new variants developed in March of 2017.


  Debian: DSA-4725-1: evolution-data-server security update (Jul 15)
 

Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks.

  Debian: DSA-4724-1: webkit2gtk security update (Jul 15)
 

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2020-9802

  Debian: DSA-4714-3: chromium regression update (Jul 13)
 

The previous update for chromium released as DSA 4714-2 contained a flaw in the service worker implementation. This problem causes the browser to crash when a connection error occurs. Updated chromium packages are now available that correct this issue.

  Debian: DSA-4723-1: xen security update (Jul 12)
 

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks.

  Fedora 31: python39 2020-b513391ca8 (Jul 16)
 

Update to 3.9.0b4

  Fedora 32: bashtop 2020-ff38f3a401 (Jul 16)
 

0.9.24 release

  Fedora 32: python39 2020-705c6ea5be (Jul 16)
 

Update to 3.9.0b4

  Fedora 31: snapd 2020-ccb155ea2c (Jul 15)
 

Update to v2.45.2 to fix CVE-2020-11933 and CVE-2020-11934

  Fedora 31: kernel 2020-3be4990c1d (Jul 15)
 

The 5.7.8 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: snapd 2020-7685deba9b (Jul 15)
 

Update to v2.45.2 to fix CVE-2020-11933 and CVE-2020-11934

  Fedora 32: xen 2020-fbc13516af (Jul 15)
 

incorrect error handling in event channel port allocation leads to DoS [XSA-317, CVE-2020-15566] (#1854465); inverted code paths in x86 dirty VRAM tracking leads to DoS [XSA-319, CVE-2020-15563] (#1854463); xen: insufficient cache write-back under VT-d leads to DoS [XSA-321, CVE-2020-15565] (#1854467); missing alignment check in VCPUOP_register_vcpu_info leads to DoS [XSA-327, CVE-2020-15564]

  Fedora 32: roundcubemail 2020-4ccfee6d83 (Jul 14)
 

**RELEASE 1.4.7** - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout (#7418) - Elastic: Fix context menu (paste) on the recipient input (#7431) - Fix problem with forwarding inline images attached to

  Fedora 31: podofo 2020-9364a9ea32 (Jul 14)
 

Add patch to bump W_MAX_BYTES to 8.

  Fedora 31: roundcubemail 2020-5352732865 (Jul 14)
 

**RELEASE 1.4.7** - Fix bug where subfolders of special folders could have been duplicated on folder list - Increase maximum size of contact jobtitle and department fields to 128 characters - Fix missing newline after the logged line when writing to stdout (#7418) - Elastic: Fix context menu (paste) on the recipient input (#7431) - Fix problem with forwarding inline images attached to

  Fedora 32: mingw-podofo 2020-16ee06de63 (Jul 13)
 

Add podofo_maxbytes.patch

  Fedora 32: python-rsa 2020-5ed5627d2b (Jul 13)
 

Fix CVE-2020-13757

  Fedora 31: seamonkey 2020-0fc1639c88 (Jul 12)
 

Update to 2.53.3 The database format of the stored passwords and certificates in the user profile are now changed. SeaMonkey should perform the changes hiddenly at the first run, just asking for the master password (if used). To avoid a hypothetical data loss, it is recommended to backup user profile before the update, or even drop master password temporary. After the change, new files

  Fedora 31: mingw-podofo 2020-afa955de8a (Jul 12)
 

Add podofo_maxbytes.patch

  Fedora 31: botan2 2020-f9a8f05df5 (Jul 12)
 

Backport patch for #1849743 (CBC padding side channel) from 2.14.0.

  Fedora 31: LibRaw 2020-f407db0e65 (Jul 12)
 

Backported patch for CVE-2020-15503

  Fedora 32: webkit2gtk3 2020-ab074c6cdf (Jul 11)
 

Update to 2.28.3: * Fix kinetic scrolling with async scrolling. * Fix web process hangs on large GitHub pages. * Bubblewrap sandbox should not attempt to bind empty paths. * Fix threading issues in the media player. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850,

  Fedora 32: kernel 2020-3c3d1d7006 (Jul 11)
 

The 5.7.8 stable kernel update contains a number of important fixes across the tree.

  Fedora 32: seamonkey 2020-7e974bd2bb (Jul 11)
 

Update to 2.53.3 The database format of the stored passwords and certificates in the user profile are now changed. SeaMonkey should perform the changes hiddenly at the first run, just asking for the master password (if used). To avoid a hypothetical data loss, it is recommended to backup user profile before the update, or even drop master password temporary. After the change, new files

  Fedora 32: mingw-podofo 2020-2d80e03190 (Jul 10)
 

This update applies a proposed fix for CVE-2018-12983.

  Fedora 32: podofo 2020-2d80e03190 (Jul 10)
 

This update applies a proposed fix for CVE-2018-12983.

  Fedora 32: mingw-OpenEXR 2020-a9a0f8f6cd (Jul 10)
 

Backport patches for CVE-2020-15306, CVE-2020-15305, CVE-2020-15304

  Fedora 31: squid 2020-cbebc5617e (Jul 10)
 

Security fix

  Fedora 31: mingw-podofo 2020-71e2092ebc (Jul 10)
 

This update applies a proposed fix for CVE-2018-12983.

  Fedora 31: podofo 2020-71e2092ebc (Jul 10)
 

This update applies a proposed fix for CVE-2018-12983.

  Fedora 31: mingw-OpenEXR 2020-8394f7fd12 (Jul 10)
 

Backport patches for CVE-2020-15306, CVE-2020-15305, CVE-2020-15304

  Fedora 32: LibRaw 2020-f421eea477 (Jul 9)
 

Backported patch for CVE-2020-15503

  Fedora 31: python-pillow 2020-d0737711b6 (Jul 9)
 

This update fixes CVE-2020-10177, CVE-2020-10994, CVE-2020-10379, CVE-2020-11538 and CVE-2020-10378.

  Fedora 31: python36 2020-ea5bdbcc90 (Jul 9)
 

# Python 3.6.11 Python 3.6.11 is the latest security fix release of Python 3.6. - bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks. - bpo-38576: Disallow control characters in hostnames in http.client, addressing CVE-2019-18348. Such potentially malicious header injection URLs now cause a InvalidURL to be raised. -

  Fedora 31: curl 2020-55f1f7cb13 (Jul 9)
 

- avoid overwriting a local file with -J (CVE-2020-8177) - fix partial password leak over DNS on HTTP redirect (CVE-2020-8169)

  RedHat: RHSA-2020-2988:01 Critical: .NET Core security and bugfix update (Jul 16)
 

An update for .NET Core is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2985:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2968:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2972:01 Important: java-1.8.0-openjdk security update (Jul 16)
 

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2969:01 Important: java-11-openjdk security update (Jul 16)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2970:01 Important: java-11-openjdk security and (Jul 16)
 

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2971:01 Important: jbig2dec security update (Jul 16)
 

An update for jbig2dec is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2966:01 Important: thunderbird security update (Jul 16)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2967:01 Important: sane-backends security update (Jul 16)
 

An update for sane-backends is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2954:01 Critical: .NET Core 3.1 security and bugfix update (Jul 15)
 

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2939:01 Critical: .NET Core 3.1 on Red Hat Enterprise (Jul 15)
 

An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2938:01 Critical: .NET Core security and bugfix update (Jul 15)
 

An update for .NET Core is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2937:01 Critical: .NET Core 2.1 on Red Hat Enterprise (Jul 15)
 

An update for rh-dotnet21-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2933:01 Moderate: kernel security and bug fix update (Jul 15)
 

An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2906:01 Important: thunderbird security update (Jul 14)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2907:01 Important: thunderbird security update (Jul 14)
 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2902:01 Important: sane-backends security update (Jul 14)
 

An update for sane-backends is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2878:01 Low: OpenShift Container Platform 4.4.12 (Jul 13)
 

An update for ose-cloud-credential-operator-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2901:01 Important: dovecot security update (Jul 13)
 

An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2412:01 Moderate: OpenShift Container Platform 4.5 (Jul 13)
 

An update is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from

  RedHat: RHSA-2020-2413:01 Moderate: OpenShift Container Platform 4.5 (Jul 13)
 

An update for machine-config-daemon and openshift is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which

  RedHat: RHSA-2020-2894:01 Important: dbus security update (Jul 13)
 

An update for dbus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2897:01 Important: jbig2dec security update (Jul 13)
 

An update for jbig2dec is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

  RedHat: RHSA-2020-2893:01 Important: bind security update (Jul 13)
 

An update for bind is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  RedHat: RHSA-2020-2895:01 Important: rh-nodejs12-nodejs security update (Jul 13)
 

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,

  SUSE: 2020:1891-1 important: xen (Jul 13)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2019:1267-3 moderate: graphviz (Jul 13)
 

An update that fixes one vulnerability is now available.

  SUSE: 2020:1889-1 important: xen (Jul 10)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  SUSE: 2020:1888-1 important: xen (Jul 10)
 

An update that fixes four vulnerabilities is now available.

  SUSE: 2020:1886-1 important: xen (Jul 10)
 

An update that fixes three vulnerabilities is now available.

  SUSE: 2020:1887-1 important: xen (Jul 10)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  Ubuntu 4424-1: snapd vulnerabilities (Jul 15)
 

An intended access restriction in snapd could be bypassed by strict mode snaps.

  Ubuntu 4199-2: libvpx vulnerabilities (Jul 15)
 

Several security issues were fixed in libvpx.

  Ubuntu 4423-1: Firefox vulnerability (Jul 14)
 

An X-Frame-Options bypass was discovered in Firefox.

  Ubuntu 4422-1: WebKitGTK+ vulnerabilities (Jul 14)
 

Several security issues were fixed in WebKitGTK.

  Ubuntu 4376-2: OpenSSL vulnerabilities (Jul 9)
 

Several security issues were fixed in OpenSSL.

  Debian LTS: DLA-2281-1: evolution-data-server security update (Jul 16)
 

Damian Poddebniak and Fabian Ising discovered a response injection vulnerability in Evolution data server, which could enable MITM attacks.

  Debian LTS: DLA-2280-1: python3.5 security update (Jul 15)
 

Multiple security issues were discovered in Python, an interactive high-level object-oriented language. CVE-2018-20406

  Debian LTS: DLA-2279-1: tomcat8 security update (Jul 12)
 

Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

  Debian LTS: DLA-2278-1: squid3 security update (Jul 10)
 

It was found that Squid, a high-performance proxy caching server for web clients, has been affected by multiple security vulnerabilities. Due to incorrect input validation and URL request handling it was possible to bypass access restrictions for restricted HTTP servers

  CentOS: CESA-2020-2894: Important CentOS 7 dbus (Jul 14)
 

Upstream details at: https://access.redhat.com/errata/RHSA-2020:2894

  SciLinux: SLSA-2020-2966-1 Important: thunderbird on SL6.x i386/x86_64 (Jul 16)
 

Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421) SL6 x86_64 thunderbird-68.10.0-1.el6_10.x86_64

  SciLinux: SLSA-2020-2933-1 Moderate: kernel on SL6.x i386/x86_64 (Jul 15)
 

kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660) SL6 x86_64 kernel-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.31.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.31.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.31.1.el6.i686.rpm kernel-debug-devel-2.6.3

  SciLinux: SLSA-2020-2906-1 Important: thunderbird on SL7.x x86_64 (Jul 14)
 

Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417) * Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418) * Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419) * Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420) * Mozilla: Add-On updates did not respect the same certificate tr

  SciLinux: SLSA-2020-2894-1 Important: dbus on SL7.x x86_64 (Jul 13)
 

dbus: denial of service via file descriptor leak (CVE-2020-12049) SL7 x86_64 dbus-1.10.24-14.el7_8.x86_64.rpm dbus-debuginfo-1.10.24-14.el7_8.i686.rpm dbus-debuginfo-1.10.24-14.el7_8.x86_64.rpm dbus-libs-1.10.24-14.el7_8.i686.rpm dbus-libs-1.10.24-14.el7_8.x86_64.rpm dbus-x11-1.10.24-14.el7_8.x86_64.rpm dbus-devel-1.10.24-14.el7_8.i686.rpm dbus-devel-1.10.24-

  openSUSE: 2020:0970-1: moderate: openexr (Jul 16)
 

An update that fixes three vulnerabilities is now available.

  openSUSE: 2020:0965-1: important: xen (Jul 15)
 

An update that solves 5 vulnerabilities and has one errata is now available.

  openSUSE: 2020:0967-1: important: MozillaThunderbird (Jul 15)
 

An update that fixes 5 vulnerabilities is now available.

  openSUSE: 2020:0958-1: moderate: hylafax+ (Jul 14)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0957-1: moderate: permissions (Jul 14)
 

An update that contains security fixes can now be installed.

  openSUSE: 2020:0960-1: important: LibVNCServer (Jul 14)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0956-1: important: openldap2 (Jul 14)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:0955-1: moderate: mozilla-nss (Jul 13)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:0952-1: moderate: nasm (Jul 13)
 

An update that solves 13 vulnerabilities and has one errata is now available.

  openSUSE: 2020:0953-1: moderate: mozilla-nss (Jul 13)
 

An update that solves one vulnerability and has one errata is now available.

  openSUSE: 2020:0954-1: moderate: nasm (Jul 13)
 

An update that solves 13 vulnerabilities and has one errata is now available.

  openSUSE: 2020:0950-1: important: opera (Jul 10)
 

An update that fixes one vulnerability is now available.

  openSUSE: 2020:0949-1: important: opera (Jul 10)
 

An update that fixes one vulnerability is now available.

  Mageia 2020-0293: mbedtls security update (Jul 10)
 

Updated mbedtls packages fix security vulnerabilities: Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave.

  Mageia 2020-0292: mediawiki security update (Jul 10)
 

Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.8, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This

  Mageia 2020-0291: xpdf security update (Jul 10)
 

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool.

  Mageia 2020-0290: ffmpeg security update (Jul 10)
 

Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.6, which fixes several security vulnerabilities and other bugs which were corrected upstream.

  Mageia 2020-0289: samba security update (Jul 10)
 

Updated samba packages fix security vulnerabilities: Andrew Bartlett discovered that Samba incorrectly handled certain LDAP queries. A remote attacker could use this issue to cause Samba to crash, resulting in a denial of service, or possibly execute arbitrary code

  Mageia 2020-0288: vino security update (Jul 10)
 

The updated package fixes security vulnerabilities: An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. (CVE-2020-14397) Byte-aligned data is accessed through uint16_t pointers in

  Mageia 2020-0287: coturn security update (Jul 10)
 

The updated package fixes a security vulnerability: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker)