[ubuntu-hardened] Dangerous issue in Coturn Ubuntu distribution

Marc Deslauriers marc.deslauriers at canonical.com
Tue Jul 27 19:37:18 UTC 2021 

Hi,

Yes, if you've installed all your security updates, you're good.

Marc.

On 2021-07-27 3:32 p.m., Julio Spinelli wrote:
> Thanks Marc!
> Just to clarify, its fixed for people that are to date on 20.04.2 LTS!
> 
> Julio
> 
> On Tue, Jul 27, 2021 at 12:09 PM Marc Deslauriers
> <marc.deslauriers at canonical.com <mailto:marc.deslauriers at canonical.com>> wrote:
> 
>     Hi,
> 
>     On 2021-07-27 11:50 a.m., Julio Spinelli wrote:
>     > This issue: https://ubuntu.com/security/CVE-2020-26262
>     <https://ubuntu.com/security/CVE-2020-26262>
>     > <https://ubuntu.com/security/CVE-2020-26262
>     <https://ubuntu.com/security/CVE-2020-26262>>
>     > has been fixed in the latest version of Coturn, but people installing Ubuntu
>     > today 20.04 will still unknowingly install the older version of COTURN that is
>     > wide open due to this issue.
>     >
> 
>     Coturn in Ubuntu 20.04 was fixed by the following security update:
> 
>     https://ubuntu.com/security/notices/USN-4690-1
>     <https://ubuntu.com/security/notices/USN-4690-1>
> 
>     > So, my question is what can we do to speed up the availability of the last
>     > version or alternatively add a caution with a link to this issue so that
>     > installers of the current version know that they must set up --denied-peer-ip
>     > especifically.
>     >
>     > No installation guides that I checked (many) have this caution included.
>     >
>     > It seems that a very simple action could be taken to mitigate this.
>     >
>     > --
>     > Julio C Spinelli
> 
>     No caution necessary, it's already fixed.
> 
>     Thanks,
> 
>     Marc.
> 
> 
>     -- 
>     ubuntu-hardened mailing list
>     ubuntu-hardened at lists.ubuntu.com <mailto:ubuntu-hardened at lists.ubuntu.com>
>     https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened
>     <https://lists.ubuntu.com/mailman/listinfo/ubuntu-hardened>
> 
> 
> 
> -- 
> Julio C Spinelli
> 
> Life is what you make of it!
> 
> This electronic message contains information from Julio C. Spinelli. The
> contents may be privileged and confidential and are intended for the use of the
> intended addressee(s) only.  If you are not an intended addressee, note that any
> disclosure, copying, distribution, or use of the contents of this message is
> prohibited. If you have received this e-mail in error, please contact me at
> 1 at juliospinelli.com <mailto:1 at juliospinelli.com>
>

More information about the ubuntu-hardened mailing list