Summary: | net-im/coturn: multiple vulnerabilities (CVE-2020-6061,CVE-2020-6062) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | hlein, nativemad |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nvd.nist.gov/vuln/detail/CVE-2020-6061 | ||
See Also: | https://github.com/gentoo/gentoo/pull/16144 | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
filip ambroz
2020-02-20 10:10:01 UTC
CVE-2020-6062: An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6062
https://nvd.nist.gov/vuln/detail/CVE-2020-6062

@maintainer(s), please create an appropriate ebuild

It looked like the net-im/coturn maintainer might not be cc'ed on this 3+ month old security bug; added them.

I bumped 4.5.1.2 now and removed the older version.
Sorry for the delay!

(In reply to Andreas Schürch from comment #4)
> I bumped 4.5.1.2 now and removed the older version.
> Sorry for the delay!

No worries. Thank you!

Unstable so no GLSA, all done here. Closing.