openSUSE-SU-2020:0937-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:0937-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/openSUSE-SU-2020:0937-1

Related

CVE-2020-4067

Published

2020-07-06T22:28:40Z

Modified

2020-07-06T22:28:40Z

Summary

Security update for coturn

Details

This update for coturn fixes the following issues:

Version 4.5.1.3:

Remove reference to SSLv3: gh#coturn/coturn#566
Ignore MD5 for BoringSSL: gh#coturn/coturn#579
STUN response buffer not initialized properly; he issue found and reported gh#coturn/coturn#583 by Felix D�rre all credits belongs to him. CVE-2020-4067, boo#1173510
Let coturn allow binding to ports below 1024 per default

References

Affected packages

openSUSE:Leap 15.2 / coturn

Package

Name: coturn
Purl: pkg:rpm/opensuse/coturn&distro=openSUSE%20Leap%2015.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1.3-lp152.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "coturn-utils": "4.5.1.3-lp152.2.3.1",
            "coturn-devel": "4.5.1.3-lp152.2.3.1",
            "coturn": "4.5.1.3-lp152.2.3.1"
        }
    ]
}