--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-d946f64eea
2020-07-09 01:04:26.797517
--------------------------------------------------------------------------------
Name : coturn
Product : Fedora 32
Version : 4.5.1.3
Release : 1.fc32
URL :
https://github.com/coturn/coturn/
Summary : TURN/STUN & ICE Server
Description :
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway.
It can be used as a general-purpose network traffic TURN server/gateway, too.
This implementation also includes some extra features. Supported RFCs:
TURN specs:
- RFC 5766 - base TURN specs
- RFC 6062 - TCP relaying TURN extension
- RFC 6156 - IPv6 extension for TURN
- Experimental DTLS support as client protocol.
STUN specs:
- RFC 3489 - "classic" STUN
- RFC 5389 - base "new" STUN specs
- RFC 5769 - test vectors for STUN protocol testing
- RFC 5780 - NAT behavior discovery support
The implementation fully supports the following client-to-TURN-server protocols:
- UDP (per RFC 5766)
- TCP (per RFC 5766 and RFC 6062)
- TLS (per RFC 5766 and RFC 6062); TLS1.0/TLS1.1/TLS1.2
- DTLS (experimental non-standard feature)
Supported relay protocols:
- UDP (per RFC 5766)
- TCP (per RFC 6062)
Supported user databases (for user repository, with passwords or keys, if
authentication is required):
- SQLite
- MySQL
- PostgreSQL
- Redis
Redis can also be used for status and statistics storage and notification.
Supported TURN authentication mechanisms:
- long-term
- TURN REST API (a modification of the long-term mechanism, for time-limited
secret-based authentication, for WebRTC applications)
The load balancing can be implemented with the following tools (either one or a
combination of them):
- network load-balancer server
- DNS-based load balancing
- built-in ALTERNATE-SERVER mechanism.
--------------------------------------------------------------------------------
Update Information:
Coturn 4.5.1.3 ============== * merge PR #575: Fix rpm packaging * merge PR
#576: Tell tar to not include the metadata into release * merge PR #574:
Change Docker `turnserver.conf` to latest `turnserver.conf` * merge PR #566:
Remove reference to SSLv3 * merge PR #579: Ignore MD5 for BoringSSL * merge
PR #577: Build RPM from local folder instead of Git repo * Fix for
CVE-2020-4067: STUN response buffer not initialized properly (issue found and
reported #583 by Felix D��rre)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 30 2020 Robert Scheck <robert(a)fedoraproject.org> - 4.5.1.3-1
- Update to 4.5.1.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852362 - CVE-2020-4067 coturn: STUN response buffer not initialized
properly
https://bugzilla.redhat.com/show_bug.cgi?id=1852362
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-d946f64eea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------