MGASA-2020-0287

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0287.html

Import Source

https://advisories.mageia.org/MGASA-2020-0287.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0287

Related

CVE-2020-4067

Published

2020-07-10T08:01:08Z

Modified

2020-07-10T07:29:05Z

Summary

Updated coturn packages fix security vulnerability

Details

The updated package fixes a security vulnerability:

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. (CVE-2020-4067)

References

https://advisories.mageia.org/MGASA-2020-0287.html
https://bugs.mageia.org/show_bug.cgi?id=26879
https://www.debian.org/security/2020/dsa-4711

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0287

Affected packages