openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0300-1
Rating:             moderate
References:         #1180068 #1182123 
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for mumble fixes the following issues:

   mumble was updated to 1.3.4:

   * Fix use of outdated (non-existent) notification icon names
   * Fix Security vulnerability caused by allowing non http/https URL schemes
     in public server list (boo#1182123)
   * Server: Fix Exit status for actions like --version or --supw
   * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

   - update apparmor profiles to get warning free again on 15.2
     - use abstractions for ssl files
     - allow inet dgram sockets as mumble can also work via udp
     - allow netlink socket (probably for dbus)
     - properly allow lsb_release again
     - add support for optional local include
   - start murmurd directly as user mumble-server it gets rid of the
     dac_override/setgid/setuid/chown permissions

   Update to upstream version 1.3.3

   Client:

   * Fixed: Chatbox invisble (zero height) (#4388)
   * Fixed: Handling of invalid packet sizes (#4394)
   * Fixed: Race-condition leading to loss of shortcuts (#4430)
   * Fixed: Link in About dialog is now clickable again (#4454)
   * Fixed: Sizing issues in ACL-Editor (#4455)
   * Improved: PulseAudio now always samples at 48 kHz (#4449)

   Server:

   * Fixed: Crash due to problems when using PostgreSQL (#4370)
   * Fixed: Handling of invalid package sizes (#4392)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-300=1



Package List:

   - openSUSE Leap 15.2 (i586 x86_64):

      mumble-1.3.4-lp152.2.6.1
      mumble-debuginfo-1.3.4-lp152.2.6.1
      mumble-debugsource-1.3.4-lp152.2.6.1
      mumble-server-1.3.4-lp152.2.6.1
      mumble-server-debuginfo-1.3.4-lp152.2.6.1

   - openSUSE Leap 15.2 (x86_64):

      mumble-32bit-1.3.4-lp152.2.6.1
      mumble-32bit-debuginfo-1.3.4-lp152.2.6.1


References:

   https://bugzilla.suse.com/1180068
   https://bugzilla.suse.com/1182123