[ubuntu/cosmic-security] coturn 4.5.0.7-1ubuntu2.18.10.1 (Accepted)
Eduardo dos Santos Barretto
eduardo.barretto at canonical.com
Thu Feb 14 20:21:15 UTC 2019
coturn (4.5.0.7-1ubuntu2.18.10.1) cosmic-security; urgency=medium
* [1328ae1] HotFix: for 3 Vulnerability.
For more details see:
- CVE-2018-4056 - coTURN Administrator Web Portal SQL injection vulnerability
- CVE-2018-4058 - coTURN TURN server unsafe loopback forwarding default configuration vulnerability
- CVE-2018-4059 - coTURN server unsafe telnet admin portal default configuration vulnerability
These patches hotfix the 3 CVEs above.
* Disable-Web-admin-interface-due-Security-Vulnerability.patch
It disables the hardcoded web admin interface until 4.5.1.0, where it will be fixed correctly.
* Disable-loopback-peers-due-Vulnerability.patch
Disable by default loopback-peer functionality.
* empty-cli-password-not-allowed-disable-telnet-cli.patch
Disable telnet cli if the cli-password is empty.
Date: 2019-02-12 16:10:34.402049+00:00
Signed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
https://launchpad.net/ubuntu/+source/coturn/4.5.0.7-1ubuntu2.18.10.1