[ubuntu-hardened] Dangerous issue in Coturn Ubuntu distribution
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jul 27 19:37:18 UTC 2021
Hi,
Yes, if you've installed all your security updates, you're good.
Marc.
On 2021-07-27 3:32 p.m., Julio Spinelli wrote:
> Thanks Marc!
> Just to clarify, its fixed for people that are to date on 20.04.2 LTS!
>
> Julio
>
> On Tue, Jul 27, 2021 at 12:09 PM Marc Deslauriers
> <marc.deslauriers at canonical.com <mailto:marc.deslauriers at canonical.com>> wrote:
>
> Hi,
>
> On 2021-07-27 11:50 a.m., Julio Spinelli wrote:
> > This issue: https://ubuntu.com/security/CVE-2020-26262
> <https://ubuntu.com/security/CVE-2020-26262>
> > <https://ubuntu.com/security/CVE-2020-26262
> <https://ubuntu.com/security/CVE-2020-26262>>
> > has been fixed in the latest version of Coturn, but people installing Ubuntu
> > today 20.04 will still unknowingly install the older version of COTURN that is
> > wide open due to this issue.
> >
>
> Coturn in Ubuntu 20.04 was fixed by the following security update:
>
> https://ubuntu.com/security/notices/USN-4690-1
> <https://ubuntu.com/security/notices/USN-4690-1>
>
> > So, my question is what can we do to speed up the availability of the last
> > version or alternatively add a caution with a link to this issue so that
> > installers of the current version know that they must set up --denied-peer-ip
> > especifically.
> >
> > No installation guides that I checked (many) have this caution included.
> >
> > It seems that a very simple action could be taken to mitigate this.
> >
> > --
> > Julio C Spinelli
>
> No caution necessary, it's already fixed.
>
> Thanks,
>
> Marc.
>
>
> --
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com <mailto:ubuntu-hardened at lists.ubuntu.com>
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened>
>
>
>
> --
> Julio C Spinelli
>
> Life is what you make of it!
>
> This electronic message contains information from Julio C. Spinelli. The
> contents may be privileged and confidential and are intended for the use of the
> intended addressee(s) only. If you are not an intended addressee, note that any
> disclosure, copying, distribution, or use of the contents of this message is
> prohibited. If you have received this e-mail in error, please contact me at
> 1 at juliospinelli.com <mailto:1 at juliospinelli.com>
>
More information about the ubuntu-hardened
mailing list