Oval Definition:oval:org.opensuse.security:def:20204067
Revision Date:2022-06-30Version:1
Title:CVE-2020-4067
Description:

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2020-4067
openSUSE-SU-2020:0937-1
Mitre CVE-2020-4067
SUSE CVE-2020-4067
openSUSE-SU-2020:0937-1
Platform(s):openSUSE Leap 15.2
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • coturn-4.5.1.3-lp152.2.3.1 is installed
  • AND coturn is signed with openSUSE key
  • OR
  • coturn-devel-4.5.1.3-lp152.2.3.1 is installed
  • AND coturn-devel is signed with openSUSE key
  • OR
  • coturn-utils-4.5.1.3-lp152.2.3.1 is installed
  • AND coturn-utils is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • coturn-4.5.2-2.2 is installed
  • OR coturn-devel-4.5.2-2.2 is installed
  • OR coturn-utils-4.5.2-2.2 is installed
    • BACK