{"id":"MGASA-2020-0254","summary":"Updated coturn packages fix security vulnerability","details":"Updated the coturn package in order to fix some security\nvulnerabilities:\n\nhttp_server.c: An exploitable heap overflow vulnerability exists in the\nway CoTURN 4.5.1.1 web server parses POST requests. A specially crafted\nHTTP POST request can lead to information leaks and other misbehavior.\nAn attacker needs to send an HTTPS request to trigger this vulnerability\n(CVE-2020-6061).\n\nhttp_server.c An exploitable denial-of-service vulnerability exists in\nthe way CoTURN 4.5.1.1 web server parses POST requests. A specially\ncrafted HTTP POST request can lead to server crash and denial of service.\nAn attacker needs to send an HTTP request to trigger this vulnerability\n(CVE-2020-6062).\n","modified":"2026-04-16T00:09:36.012318198Z","published":"2020-06-10T23:59:36Z","upstream":["CVE-2020-6061","CVE-2020-6062"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0254.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26413"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/"}],"affected":[{"package":{"name":"coturn","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/coturn?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.0.7-2.3.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0254.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}