[ubuntu/cosmic-updates] coturn (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Feb 14 20:58:07 UTC 2019

coturn ( cosmic-security; urgency=medium

  * [1328ae1] HotFix: for 3 Vulnerability.
    For more details see:
    - CVE-2018-4056 - coTURN Administrator Web Portal SQL injection vulnerability
    - CVE-2018-4058 - coTURN TURN server unsafe loopback forwarding default configuration vulnerability
    - CVE-2018-4059 - coTURN server unsafe telnet admin portal default configuration vulnerability
    These patches address hotfix the 3 CVE above.
    * Disable-Web-admin-interface-due-Security-Vulnerability.patch
    It disables hardcocded web admin interface until where it will be fixed correctly.
    * Disable-loopback-peers-due-Vulnerability.patch
    Disable by default loopback-peer functionality.
    * empty-cli-password-not-allowed-disable-telnet-cli.patch
    Disable telnet cli if the cli-password is empty.

Date: 2019-02-12 16:10:34.402049+00:00
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Cosmic-changes mailing list