[ubuntu-hardened] Dangerous issue in Coturn Ubuntu distribution
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 27 16:07:24 UTC 2021
Hi,
On 2021-07-27 11:50 a.m., Julio Spinelli wrote:
> This issue: https://ubuntu.com/security/CVE-2020-26262
> <https://ubuntu.com/security/CVE-2020-26262>
> has been fixed in the latest version of Coturn, but people installing Ubuntu
> today 20.04 will still unknowingly install the older version of COTURN that is
> wide open due to this issue.
>
Coturn in Ubuntu 20.04 was fixed by the following security update:
https://ubuntu.com/security/notices/USN-4690-1
> So, my question is what can we do to speed up the availability of the last
> version or alternatively add a caution with a link to this issue so that
> installers of the current version know that they must set up --denied-peer-ip
> especifically.
>
> No installation guides that I checked (many) have this caution included.
>
> It seems that a very simple action could be taken to mitigate this.
>
> --
> Julio C Spinelli
No caution necessary, it's already fixed.
Thanks,
Marc.
More information about the ubuntu-hardened
mailing list