openSUSE Security Update: Security update for mumble

Announcement ID:    openSUSE-SU-2021:0300-1
Rating:             moderate
References:         #1180068 #1182123 
Affected Products:
                    openSUSE Leap 15.2

   An update that contains security fixes can now be installed.


   This update for mumble fixes the following issues:

   mumble was updated to 1.3.4:

   * Fix use of outdated (non-existent) notification icon names
   * Fix Security vulnerability caused by allowing non http/https URL schemes
     in public server list (boo#1182123)
   * Server: Fix Exit status for actions like --version or --supw
   * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

   - update apparmor profiles to get warning free again on 15.2
     - use abstractions for ssl files
     - allow inet dgram sockets as mumble can also work via udp
     - allow netlink socket (probably for dbus)
     - properly allow lsb_release again
     - add support for optional local include
   - start murmurd directly as user mumble-server it gets rid of the
     dac_override/setgid/setuid/chown permissions

   Update to upstream version 1.3.3


   * Fixed: Chatbox invisble (zero height) (#4388)
   * Fixed: Handling of invalid packet sizes (#4394)
   * Fixed: Race-condition leading to loss of shortcuts (#4430)
   * Fixed: Link in About dialog is now clickable again (#4454)
   * Fixed: Sizing issues in ACL-Editor (#4455)
   * Improved: PulseAudio now always samples at 48 kHz (#4449)


   * Fixed: Crash due to problems when using PostgreSQL (#4370)
   * Fixed: Handling of invalid package sizes (#4392)

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-300=1

Package List:

   - openSUSE Leap 15.2 (i586 x86_64):


   - openSUSE Leap 15.2 (x86_64):