Login
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in mumble
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in mumble
ID: openSUSE-SU-2020:1016-1
Distribution: SUSE
Plattformen: SUSE openSUSE Leap 15.1, SUSE openSUSE Leap 15.2
Datum: Mo, 20. Juli 2020, 23:20
Referenzen: Keine Angabe
Applikationen: Mumble

Originalnachricht

   openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1016-1
Rating: moderate
References: #1174041
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for mumble fixes the following issues:

mumble was updated 1.3.2:

* client: Fixed overlay not starting

Update to upstream version 1.3.1

- Security
* Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041

- ICE

* Fixed: Added missing UserKDFIterations field to UserInfo => Prevents
getRegistration() from failing with enumerator
out of range error (#3835)

- GRPC

* Fixed: Segmentation fault during murmur shutdown (#3938)

- Client

* Fixed: Crash when using multiple monitors (#3756)
* Fixed: Don't send empty message from clipboard via shortcut, if
clipboard is empty (#3864)
* Fixed: Talking indicator being able to freeze to indicate talking when
self-muted (#4006)
* Fixed: High CPU usage for update-check if update server not available
(#4019)
* Fixed: DBus getCurrentUrl returning empty string when not in
root-channel (#4029)
* Fixed: Small parts of whispering leaking out (#4051)
* Fixed: Last audio frame of normal talking is sent to last whisper
target (#4050)
* Fixed: LAN-icon not found in ConnectDialog (#4058)
* Improved: Set maximal vertical size for User Volume Adjustment dialog
(#3801)
* Improved: Don't send empty data to PulseAudio (#3316)
* Improved: Use the SRV resolved port for UDP connections (#3820)
* Improved: Manual Plugin UI (#3919)
* Improved: Don't start Jack server by default (#3990)
* Improved: Overlay doesn't hook into all other processes by default
(#4041)
* Improved: Wait longer before disconnecting from a server due to
unanswered Ping-messages (#4123)

- Server

* Fixed: Possibility to circumvent max user-count in channel (#3880)
* Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
* Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
* Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
* Fixed: Wrong database encoding that could lead to server-crash (#4220)
* Fixed: DB crash due to primary key violation (now performs
"UPSERT" to
avoid this) (#4105)
* Improved: The fields in the Version ProtoBuf message are now
size-restricted (#4101)

- use the "profile profilename /path/to/binary" syntax to make
"ps aufxZ"
more readable


Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1016=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1016=1



Package List:

- openSUSE Leap 15.2 (i586 x86_64):

mumble-1.3.2-lp152.2.3.1
mumble-debuginfo-1.3.2-lp152.2.3.1
mumble-debugsource-1.3.2-lp152.2.3.1
mumble-server-1.3.2-lp152.2.3.1
mumble-server-debuginfo-1.3.2-lp152.2.3.1

- openSUSE Leap 15.2 (x86_64):

mumble-32bit-1.3.2-lp152.2.3.1
mumble-32bit-debuginfo-1.3.2-lp152.2.3.1

- openSUSE Leap 15.1 (i586 x86_64):

mumble-1.3.2-lp151.4.12.1
mumble-debuginfo-1.3.2-lp151.4.12.1
mumble-debugsource-1.3.2-lp151.4.12.1
mumble-server-1.3.2-lp151.4.12.1
mumble-server-debuginfo-1.3.2-lp151.4.12.1

- openSUSE Leap 15.1 (x86_64):

mumble-32bit-1.3.2-lp151.4.12.1
mumble-32bit-debuginfo-1.3.2-lp151.4.12.1


References:

https://bugzilla.suse.com/1174041

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung