[ubuntu-hardened] Dangerous issue in Coturn Ubuntu distribution
Julio Spinelli
spine001 at gmail.com
Tue Jul 27 19:32:43 UTC 2021
Thanks Marc!
Just to clarify, its fixed for people that are to date on 20.04.2 LTS!
Julio
On Tue, Jul 27, 2021 at 12:09 PM Marc Deslauriers <
marc.deslauriers at canonical.com> wrote:
> Hi,
>
> On 2021-07-27 11:50 a.m., Julio Spinelli wrote:
> > This issue: https://ubuntu.com/security/CVE-2020-26262
> > <https://ubuntu.com/security/CVE-2020-26262>
> > has been fixed in the latest version of Coturn, but people installing
> Ubuntu
> > today 20.04 will still unknowingly install the older version of COTURN
> that is
> > wide open due to this issue.
> >
>
> Coturn in Ubuntu 20.04 was fixed by the following security update:
>
> https://ubuntu.com/security/notices/USN-4690-1
>
> > So, my question is what can we do to speed up the availability of the
> last
> > version or alternatively add a caution with a link to this issue so that
> > installers of the current version know that they must set up
> --denied-peer-ip
> > especifically.
> >
> > No installation guides that I checked (many) have this caution included.
> >
> > It seems that a very simple action could be taken to mitigate this.
> >
> > --
> > Julio C Spinelli
>
> No caution necessary, it's already fixed.
>
> Thanks,
>
> Marc.
>
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>
--
Julio C Spinelli
Life is what you make of it!
This electronic message contains information from Julio C. Spinelli. The
contents may be privileged and confidential and are intended for the use of
the intended addressee(s) only. If you are not an intended addressee, note
that any disclosure, copying, distribution, or use of the contents of this
message is prohibited. If you have received this e-mail in error, please
contact me at 1 at juliospinelli.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20210727/71ba0c98/attachment.html>
More information about the ubuntu-hardened
mailing list