blob: 600e035400babd57585357210d87c84845f1af56 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
#use wml::debian::translation-check translation="6deb41e83064921e63d318734179cf3b4d8867e0"
<define-tag description>安全更新</define-tag>
<define-tag moreinfo>
<p>A flaw was discovered in coturn, a TURN and STUN server for VoIP. By
default coturn does not allow peers on the loopback addresses
(127.x.x.x and ::1). A remote attacker can bypass the protection via a
specially crafted request using a peer address of <q>0.0.0.0</q> and trick
coturn in relaying to the loopback interface. If listening on IPv6 the
loopback interface can also be reached by using either [::1] or [::] as
the address。</p>
<p>在稳定版(buster)中,此问题已被修复于
版本 4.5.1.1-1.1+deb10u2。</p>
<p>我们建议您升级您的 coturn 软件包。</p>
<p>查看关于 coturn 的详细信息,
请访问其安全追踪页面
<a href="https://security-tracker.debian.org/tracker/coturn">https://security-tracker.debian.org/tracker/coturn</a>。</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/security/2021/dsa-4829.data"
|
