MGASA-2020-0254

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0254.html

Import Source

https://advisories.mageia.org/MGASA-2020-0254.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0254

Related

Published

2020-06-10T23:59:36Z

Modified

2020-06-10T23:27:18Z

Summary

Updated coturn packages fix security vulnerability

Details

Updated the coturn package in order to fix some security vulnerabilities:

http_server.c: An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability (CVE-2020-6061).

http_server.c An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability (CVE-2020-6062).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0254

Affected packages