drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Denial of Service in coturn
Name: |
Denial of Service in coturn |
|
ID: |
FEDORA-2020-d9287bb71d |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 30 |
|
Datum: |
Mo, 25. Mai 2020, 08:42 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6061 |
|
Applikationen: |
coturn |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2020-d9287bb71d 2020-05-25 03:20:34.026024 ------------------------------------------------------------------------------- -
Name : coturn Product : Fedora 30 Version : 4.5.1.2 Release : 1.fc30 URL : https://github.com/coturn/coturn/ Summary : TURN/STUN & ICE Server Description : The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too.
This implementation also includes some extra features. Supported RFCs:
TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying TURN extension - RFC 6156 - IPv6 extension for TURN - Experimental DTLS support as client protocol.
STUN specs: - RFC 3489 - "classic" STUN - RFC 5389 - base "new" STUN specs - RFC 5769 - test vectors for STUN protocol testing - RFC 5780 - NAT behavior discovery support
The implementation fully supports the following client-to-TURN-server protocols: - UDP (per RFC 5766) - TCP (per RFC 5766 and RFC 6062) - TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 - DTLS (experimental non-standard feature)
Supported relay protocols: - UDP (per RFC 5766) - TCP (per RFC 6062)
Supported user databases (for user repository, with passwords or keys, if authentication is required): - SQLite - MySQL - PostgreSQL - Redis
Redis can also be used for status and statistics storage and notification.
Supported TURN authentication mechanisms: - long-term - TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications)
The load balancing can be implemented with the following tools (either one or a combination of them): - network load-balancer server - DNS-based load balancing - built-in ALTERNATE-SERVER mechanism.
------------------------------------------------------------------------------- - Update Information:
Coturn 4.5.1.2 ============== - merge regression fix: * Do not display empty CLI passwd alert if CLI is not enabled - merge PR #359: * Remove `turn_free_simple()` * Remove `turn_malloc()` * Remove `turn_realloc()` * Remove `turn_free()` * Remove `turn_calloc()` * Remove `turn_strdup()` * Remove `SSL_NEW()` and `SSL_FREE()` * Remove pointer debugging machinery * Remove `ns_bzero()`, `ns_bcopy()`, and `ns_bcmp()` * Remove `[su]{08,16,32,64}bits` type defines - merge PR #327 * Strip white-spaces from config file lines end - merge PR #386 * fix the webadmin ip permission add/delete sql injection - merge PR #390 * fix mongo driver crash when invalid connection string is used - merge PR #392 enhanced fread return length check - merge PR #367 disconnect database gracefully - merge PR #382 * Using `SSL_get_version` method for BoringSSL compatibility * Now we put in `turn_session_info->tls_method` the real TLS version. Earlier we put UNKNOWN in this field if it was a TLS protocol that was not defined supportel TLS protocol during compile time. - merge PR #276 Add systemd service example - merge PR #284 Add bandwidth usage reporting packet/bandwidth usage by peers - merge PR #381 Modifying configure to enable compile with private libraries - merge PR #455 Typo corrected - merge PR #417 Append only to log files rather to override them - merge PR #442 Updated incorrect string length check for 'ssh' - merge PR #449 Fix Dockerfile for latest Debian - http server NULL dereference * Reported (by quarkslab.com, cisco/talos) * CVE-2020-6061 / TALOS-2020-0984 - http server out of bound read * Reported (by quarkslab.com, cisco/talos) * CVE-2020-6061 / TALOS-2020-0984 - merge PR #472 STUN input validation - merge PR #398 FIPS - merge PR #478 prod - merge PR #463 fix typos and grammar - update travis config ubuntu/mac images - merge PR #466 added null check for second char - merge PR #470 compiler warning fixes - merge PR #475 Update `README.docker` - merge PR #471 Fix a memory leak when an SHATYPE isn't supported - merge PR #488 Fix typos about `INSTALL` filenames - fix compiler warning comparison between signed and unsigned integer expressions - fix compiler warning string truncation - change Diffie Hellman default key length from 1066 to 2066 - merge PR #522 drop of supplementary group IDs - merge PR #514 Unify spelling of Coturn - merge PR#506 Rename "prod" config option to "no-software- attribute" - merge PR #519 fix config extension in `README.docker` - merge PR #516 change sql data dir in `docker-compose-all.yml` - merge PR #513 remove trailing spaces from `README`s - merge PR #525 add flags to disable periodic use of dynamic tables ------------------------------------------------------------------------------- - ChangeLog:
* Sat May 16 2020 Robert Scheck <robert@fedoraproject.org> - 4.5.1.2-1 - Update to 4.5.1.2 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-d9287bb71d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
|
|
|
|