Package        : coturn
Version        : 4.2.1.2-1+deb8u2
CVE ID         : CVE-2020-4067

In coturn before version 4.5.1.3, the STUN/TURN response buffer is not
initialized properly, so information leaks between different client
connections. One client (an attacker) could use their connection to
intelligently query coturn and get interesting bytes from the connection
of another client in the padding bytes.

For Debian 8 "Jessie", this problem has been fixed in version
4.2.1.2-1+deb8u2.

We recommend that you upgrade your coturn packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
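The following added example is a simplified model of this class of flaw and is not coturn's code. It assumes one response buffer reused across clients and STUN attribute values padded to a 4-byte boundary (RFC 5389); the names put_attr and leaked_padding_bytes and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_TYPE 0x8022 /* SOFTWARE in RFC 5389; any attribute type works */

/* One response buffer reused for every client (assumption of this model). */
static uint8_t resp_buf[64];

/* Append a type/length/value attribute at offset off and return the new
 * offset, or 0 if it does not fit. The value is padded to 4 bytes. With
 * zero_pad == 0 the padding keeps whatever the buffer held before (the
 * flaw); with zero_pad == 1 the padding is cleared (the hardened form). */
static size_t put_attr(uint8_t *buf, size_t cap, size_t off, uint16_t type,
                       const uint8_t *val, uint16_t len, int zero_pad)
{
    size_t padded = ((size_t)len + 3u) & ~(size_t)3u;
    if (off > cap || cap - off < 4 + padded)
        return 0;
    buf[off]     = (uint8_t)(type >> 8);
    buf[off + 1] = (uint8_t)(type & 0xff);
    buf[off + 2] = (uint8_t)(len >> 8);
    buf[off + 3] = (uint8_t)(len & 0xff);
    memcpy(buf + off + 4, val, len);
    if (zero_pad)
        memset(buf + off + 4 + len, 0, padded - len);
    return off + 4 + padded;
}

/* Build client A's response (8-byte value), then client B's response
 * (5-byte value) in the same buffer. Returns how many of B's three
 * padding bytes are non-zero, i.e. still hold bytes written for A. */
static int leaked_padding_bytes(int zero_pad)
{
    static const uint8_t a_val[] = "SECRETA1"; /* constructed sample data */
    static const uint8_t b_val[] = "hello";    /* constructed sample data */
    int leaked = 0;
    memset(resp_buf, 0, sizeof resp_buf);
    put_attr(resp_buf, sizeof resp_buf, 0, ATTR_TYPE, a_val, 8, zero_pad);
    size_t end = put_attr(resp_buf, sizeof resp_buf, 0, ATTR_TYPE, b_val, 5, zero_pad);
    for (size_t i = 4 + 5; i < end; i++)
        if (resp_buf[i] != 0)
            leaked++;
    return leaked;
}

int main(void)
{
    printf("stale padding bytes: %d without zeroing, %d with zeroing\n",
           leaked_padding_bytes(0), leaked_padding_bytes(1));
    return 0;
}
```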
