[ubuntu/cosmic-updates] coturn 4.5.0.7-1ubuntu2.18.10.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Feb 14 20:58:07 UTC 2019
coturn (4.5.0.7-1ubuntu2.18.10.1) cosmic-security; urgency=medium
* [1328ae1] HotFix: for 3 Vulnerability.
For more details see:
- CVE-2018-4056 - coTURN Administrator Web Portal SQL injection vulnerability
- CVE-2018-4058 - coTURN TURN server unsafe loopback forwarding default configuration vulnerability
- CVE-2018-4059 - coTURN server unsafe telnet admin portal default configuration vulnerability
These patches address hotfix the 3 CVE above.
* Disable-Web-admin-interface-due-Security-Vulnerability.patch
It disables hardcocded web admin interface until 4.5.1.0 where it will be fixed correctly.
* Disable-loopback-peers-due-Vulnerability.patch
Disable by default loopback-peer functionality.
* empty-cli-password-not-allowed-disable-telnet-cli.patch
Disable telnet cli if the cli-password is empty.
Date: 2019-02-12 16:10:34.402049+00:00
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/coturn/4.5.0.7-1ubuntu2.18.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Cosmic-changes
mailing list