Security update for mumble SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0300-1 Final 1 1 2021-02-16T11:04:47Z current 2021-02-16T11:04:47Z 2021-02-16T11:04:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mumble This update for mumble fixes the following issues: mumble was updated to 1.3.4: * Fix use of outdated (non-existent) notification icon names * Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123) * Server: Fix Exit status for actions like --version or --supw * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation - update apparmor profiles to get warning free again on 15.2 - use abstractions for ssl files - allow inet dgram sockets as mumble can also work via udp - allow netlink socket (probably for dbus) - properly allow lsb_release again - add support for optional local include - start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions Update to upstream version 1.3.3 Client: * Fixed: Chatbox invisble (zero height) (#4388) * Fixed: Handling of invalid packet sizes (#4394) * Fixed: Race-condition leading to loss of shortcuts (#4430) * Fixed: Link in About dialog is now clickable again (#4454) * Fixed: Sizing issues in ACL-Editor (#4455) * Improved: PulseAudio now always samples at 48 kHz (#4449) Server: * Fixed: Crash due to problems when using PostgreSQL (#4370) * Fixed: Handling of invalid package sizes (#4392) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-300 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TRBUKSNSCDTY3U6LK6SUQ3QWJS3JDGST/ E-Mail link for openSUSE-SU-2021:0300-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1180068 SUSE Bug 1180068 https://bugzilla.suse.com/1182123 SUSE Bug 1182123 openSUSE Leap 15.2 mumble-1.3.4-lp152.2.6.1 mumble-32bit-1.3.4-lp152.2.6.1 mumble-server-1.3.4-lp152.2.6.1 mumble-1.3.4-lp152.2.6.1 as a component of openSUSE Leap 15.2 mumble-32bit-1.3.4-lp152.2.6.1 as a component of openSUSE Leap 15.2 mumble-server-1.3.4-lp152.2.6.1 as a component of openSUSE Leap 15.2