openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1439-2
Rating:             moderate
References:         #1174041 
Affected Products:
                    openSUSE Backports SLE-15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for mumble fixes the following issues:

   mumble was updated to 1.3.2:

   * client: Fixed overlay not starting

   Update to upstream version 1.3.1

   - Security
     * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041

   - ICE

     * Fixed: Added missing UserKDFIterations field to UserInfo => Prevents
       getRegistration() from failing with enumerator out of range error
       (#3835)

   - GRPC

     * Fixed: Segmentation fault during murmur shutdown (#3938)

   - Client

     * Fixed: Crash when using multiple monitors (#3756)
     * Fixed: Don't send empty message from clipboard via shortcut, if
       clipboard is empty (#3864)
     * Fixed: Talking indicator being able to freeze to indicate talking when
       self-muted (#4006)
     * Fixed: High CPU usage for update-check if update server not available
       (#4019)
     * Fixed: DBus getCurrentUrl returning empty string when not in
       root-channel (#4029)
     * Fixed: Small parts of whispering leaking out (#4051)
     * Fixed: Last audio frame of normal talking is sent to last whisper
       target (#4050)
     * Fixed: LAN-icon not found in ConnectDialog (#4058)
     * Improved: Set maximal vertical size for User Volume Adjustment dialog
       (#3801)
     * Improved: Don't send empty data to PulseAudio (#3316)
     * Improved: Use the SRV resolved port for UDP connections (#3820)
     * Improved: Manual Plugin UI (#3919)
     * Improved: Don't start Jack server by default (#3990)
     * Improved: Overlay doesn't hook into all other processes by default
       (#4041)
     * Improved: Wait longer before disconnecting from a server due to
       unanswered Ping-messages (#4123)

   - Server

     * Fixed: Possibility to circumvent max user-count in channel (#3880)
     * Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
     * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
     * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
     * Fixed: Wrong database encoding that could lead to server-crash (#4220)
     * Fixed: DB crash due to primary key violation (now performs "UPSERT" to
       avoid this) (#4105)
     * Improved: The fields in the Version ProtoBuf message are now
       size-restricted (#4101)

   - use the "profile profilename /path/to/binary" syntax to make "ps aufxZ"
     more readable


   This update was imported from the openSUSE:Leap:15.1:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2020-1439=1



Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

      mumble-1.3.2-bp152.2.3.1
      mumble-debuginfo-1.3.2-bp152.2.3.1
      mumble-debugsource-1.3.2-bp152.2.3.1
      mumble-server-1.3.2-bp152.2.3.1
      mumble-server-debuginfo-1.3.2-bp152.2.3.1

   - openSUSE Backports SLE-15-SP2 (aarch64_ilp32):

      mumble-64bit-1.3.2-bp152.2.3.1
      mumble-64bit-debuginfo-1.3.2-bp152.2.3.1


References:

   https://bugzilla.suse.com/1174041

-- 

openSUSE: 2020:1439-2: moderate: mumble

September 18, 2020