coturn 4.5.0.7-1ubuntu2.18.04.2 source package in Ubuntu
Changelog
coturn (4.5.0.7-1ubuntu2.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-buffer overflow in HTTP POST request
- debian/patches/CVE-2020-6061.patch: Fix overflow
- CVE-2020-6061
* SECURITY UPDATE: DoS when parsing certain HTTP POST request
- debian/patches/CVE-2020-6062.patch: Fix parsing of POST requests
- CVE-2020-6062
* SECURITY UPDATE: Information leak between different client connections
- debian/patches/CVE-2020-4067.patch: initialize with zero any new or
reused stun buffers
- CVE-2020-4067
-- Eduardo Barretto <email address hidden> Thu, 02 Jul 2020 12:49:53 -0300
Upload details
- Uploaded by:
- Eduardo Barretto
- Uploaded to:
- Bionic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| coturn_4.5.0.7.orig.tar.gz | 391.2 KiB | 86248c541a1184eb388c54d4178cffbf16ef53504fbb60106e575194f078b221 |
| coturn_4.5.0.7-1ubuntu2.18.04.2.debian.tar.xz | 12.4 KiB | 0482b3e9bcc5d534af8740a796e336ce6ec84a0b17328e412c30923922439d9f |
| coturn_4.5.0.7-1ubuntu2.18.04.2.dsc | 2.2 KiB | b2cf5f1903ce7f03a42e37a11524eef7b9bfbe8f19de6c87b3e1fc8a2a0c950a |
Available diffs
Binary packages built by this source
- coturn: TURN and STUN server for VoIP
STUN (Session Traversal Utilities for NAT) and TURN (Traversal Using Relays
around NAT) are protocols that can be used to provide NAT traversal for VoIP
and WebRTC. This package provides a VoIP media traffic NAT traversal server
and gateway.
.
Supported RFCs:
TURN specs:
* RFC 5766 - base TURN specs;
* RFC 6062 - TCP relaying TURN extension;
* RFC 6156 - IPv6 extension for TURN;
* RFC 7635 - OAuth third-party TURN/STUN authorization;
* DTLS support as client protocol
http://tools.ietf. org/html/ draft-petithugu enin-tram- turn-dtls- 00
* Mobile ICE (MICE) support
http://tools.ietf. org/html/ draft-wing- tram-turn- mobility- 03
* TURN ORIGIN specs for multi-tenant servers
http://tools.ietf. org/html/ draft-johnston- tram-stun- origin- 02
* TURN Bandwidth draft specs
http://tools.ietf. org/html/ draft-thomson- tram-turn- bandwidth- 00
* SSODA (dual allocation) draft specs
http://tools.ietf. org/html/ draft-martinsen -tram-ssoda- 00
.
STUN specs:
* RFC 3489 - obsolete "classic" STUN specs;
* RFC 5389 - base "new" STUN specs;
* RFC 5769 - test vectors for STUN protocol testing;
* RFC 5780 - NAT behavior discovery support.
.
The implementation fully supports UDP, TCP, TLS, and DTLS as protocols between
the TURN client and the TURN server. Both UDP and TCP relaying are supported.
.
SQLite, MySQL, PostgreSQL and Redis are supported for the user
repository (if authentication is required).
The long-term credentials mechanism is supported.
For WebRTC applications,
the TURN server REST API for time-limited
secret-based authentication is implemented.
The third-party authentication
specs (OAuth-based) are supported, too.
.
Load balancing can be implemented either by DNS round-robin mechanism, or with
the external networking tools, or by
the built-in ALTERNATE-SERVER mechanism.
.
The implementation is intended to be simple to install and configure.
The project focuses on performance, scalability, and simplicity.
The aim is to provide an enterprise-grade TURN solution.
- coturn-dbgsym: debug symbols for coturn
