-------------------------------------------------------------------------------- Fedora EPEL Update Notification FEDORA-EPEL-2021-e976495093 2021-01-27 00:34:04.197460 --------------------------------------------------------------------------------
Name : coturn Product : Fedora EPEL 8 Version : 4.5.2 Release : 1.el8 URL : https://github.com/coturn/coturn/ Summary : TURN/STUN & ICE Server Description : The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying TURN extension - RFC 6156 - IPv6 extension for TURN - Experimental DTLS support as client protocol. STUN specs: - RFC 3489 - "classic" STUN - RFC 5389 - base "new" STUN specs - RFC 5769 - test vectors for STUN protocol testing - RFC 5780 - NAT behavior discovery support The implementation fully supports the following client-to-TURN-server protocols: - UDP (per RFC 5766) - TCP (per RFC 5766 and RFC 6062) - TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2 - DTLS (experimental non-standard feature) Supported relay protocols: - UDP (per RFC 5766) - TCP (per RFC 6062) Supported user databases (for user repository, with passwords or keys, if authentication is required): - SQLite - MySQL - PostgreSQL - Redis Redis can also be used for status and statistics storage and notification. Supported TURN authentication mechanisms: - long-term - TURN REST API (a modification of the long-term mechanism, for time-limited secret-based authentication, for WebRTC applications) The load balancing can be implemented with the following tools (either one or a combination of them): - network load-balancer server - DNS-based load balancing - built-in ALTERNATE-SERVER mechanism. -------------------------------------------------------------------------------- Update Information: Coturn 4.5.2 ============ - Fix null pointer dereference in case of out of memory - Add prometheus metrics - Delete trailing whitespace in example configuration files - Add architecture ppc64le to travis build - Fix misleading option in doc (prometheus) - Allow RFC6062 TCP relay data to look like TLS - Add support for proxy protocol V1 - Print full date and time in logs - Add new options: "new-log-timestamp" and "new-log-timestamp-format" - Do not use FIPS and remove hardcode `OPENSSL_VERSION_NUMBER` with LibreSSL - Add ACME redirect url - Support of `--acme-redirect <URL>` - Fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks (Breaking change!) - Add new `--log-binding` option to enable binding request logging - Fix stale-nonce documentation - Version number is changed to semver 2.0 - pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix: use-after- free vulnerability on write_to_peerchannel function - Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus - Fix c++ support - Simplify - Remove session id/allocation labels - Remove per session metrics - Fix CVE-2020-26262 - Fix ipv6 ::1 loopback check - Not allow allocate peer address 0.0.0.0/8 and ::/128 - For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 11 2021 Robert Scheck <[email protected]> - 4.5.2-1 - Upgrade to 4.5.2 (#1914861) * Sun Sep 27 2020 Christian Glombek <[email protected]> - 4.5.1.3-3 - Rebuilt for libevent 2.1.12 soname bump * Mon Jul 27 2020 Fedora Release Engineering <[email protected]> - 4.5.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1915045 - CVE-2020-26262 coturn: Loopback access control bypass https://bugzilla.redhat.com/show_bug.cgi?id=1915045 -------------------------------------------------------------------------------- This update can be installed with the "yum" update programs. Use su -c 'yum update coturn' at the command line. For more information, refer to "YUM", available at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7\ /html/System_Administrators_Guide/ch-yum.html All packages are signed with the Fedora EPEL GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ epel-package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
