[ubuntu/disco-proposed] coturn 4.5.1.0-1 (Accepted)
Steve Langasek
steve.langasek at canonical.com
Fri Feb 1 01:36:08 UTC 2019
coturn (4.5.1.0-1) unstable; urgency=medium

  * Sync to upstream 4.5.1.0
    - Fix CVE-2018-4058: coTURN unsafe loopback forwarding default configuration vulnerability
      - by default loopback disabled
      - no-loopback option removed!
      - allow-loopback-peers option added
    - Fix CVE-2018-4056: coTURN Administrator Web Portal SQL injection vulnerability
      - Web admin disabled by default
      - Web admin could listen on separated IP and port
      - web-admin-ip option added
      - web-admin-port option added
      - Web admin is disabled on STUN/TURN ports.
      - web-admin-listen-on-workers option added to enable web-admin STUN/TURN ports
    - Fix CVE-2018-4059: coTURN server unsafe telnet admin portal default configuration vulnerability
      - An empty cli-password with an allow-loopback-peers option is prohibited.
    - fix memory leak in read_config_file

Date: 2019-01-28 16:30:21.526242+00:00
Changed-By: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/coturn/4.5.1.0-1