mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-17 18:34:41 +00:00
Code Issues Wiki Activity

coturn: apply patch for CVE-2020-6061/6062

Browse source 
Fixes: CVE-2020-6061, CVE-2020-6062

An exploitable heap overflow vulnerability exists in the way CoTURN
4.5.1.1 web server parses POST requests. A specially crafted HTTP
POST request can lead to information leaks and other misbehavior.
An attacker needs to send an HTTPS request to trigger this vulnerability.

An exploitable denial-of-service vulnerability exists in the way
CoTURN 4.5.1.1 web server parses POST requests. A specially crafted
HTTP POST request can lead to server crash and denial of service.
An attacker needs to send an HTTP request to trigger this vulnerability.
This commit is contained in:
Martin Weinelt 2020-04-29 01:11:43 +02:00
parent a8b60a8567
commit 704a018aae
No known key found for this signature in database
GPG key ID: BD4AA0528F63F17E
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
pkgs/servers/coturn/default.nix
View file

@ -1,4 +1,4 @@
{ stdenv, fetchFromGitHub, openssl, libevent }:
{ stdenv, fetchFromGitHub, fetchpatch, openssl, libevent }:
stdenv.mkDerivation rec {
pname = "coturn";
@ -13,7 +13,14 @@ stdenv.mkDerivation rec {
buildInputs = [ openssl libevent ];
patches = [ ./pure-configure.patch ];
patches = [
./pure-configure.patch
(fetchpatch {
name = "CVE-2020-6061+6062.patch";
url = "https://sources.debian.org/data/main/c/coturn/4.5.1.1-1.2/debian/patches/CVE-2020-6061+6062.patch";
sha256 = "0fcy1wp91bb4hlhnp96sf9bs0d9hf3pwx5f7b1r9cfvr3l5c1bk2";
})
];
meta = with stdenv.lib; {
homepage = "https://coturn.net/";