It fix the following vulnerabilities:
They will be exposed very soon..
Many thanks to Cisco for reporting vulnerabilities and helping in
opening and coordinating the CVEs!
I have also made a hotfix for Debian stable image that disables
web-admin interface, and fix the other issues too.
It also has been released today. See version: 4.5.0.5-1+deb9u1
Announcement: https://www.debian.org/security/2019/dsa-4373
Hotfix is good start, but the real fix comes in 4.5.1.0 that is
available actually in Debian sid,
and hopefully in the next few days it will arrive to Debian
testing/buster.
After it is in testing/buster we will also release a Debian
backports 4.5.1.0 package for stable/stretch.
In the new release the web-admin is disabled by default, and it does not listen on workers.
Other coTURN distributions please also update your packages..
For more details please read more in the coTURN ChangeLog.
Many thanks to All who helped me to make this happen!
Misi
--
You received this message because you are subscribed to the Google Groups "TURN Server (Open-Source project)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To post to this group, send email to turn-server-project...@googlegroups.com.
Visit this group at https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
For more options, visit https://groups.google.com/d/optout.
Zoli