|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for coturn (DLA-2271-1)|
|Summary:||The remote host is missing an update for the 'coturn'; package(s) announced via the DLA-2271-1 advisory.|
The remote host is missing an update for the 'coturn'
package(s) announced via the DLA-2271-1 advisory.
In coturn before version 18.104.22.168, there is an issue whereby
STUN/TURN response buffer is not initialized properly. There
is a leak of information between different client connections.
One client (an attacker) could use their connection to
intelligently query coturn to get interesting bytes in the
padding bytes from the connection of another client.
'coturn' package(s) on Debian Linux.
For Debian 8 'Jessie', this problem has been fixed in version
We recommend that you upgrade your coturn packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-4067|
Debian Security Information: DSA-4711 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:0937 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.