openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0312-1
Rating:             moderate
References:         #1180068 #1182123 
Affected Products:
                    openSUSE Backports SLE-15-SP2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for mumble fixes the following issues:

   mumble was updated to 1.3.4:

   * Fix use of outdated (non-existent) notification icon names
   * Fix Security vulnerability caused by allowing non http/https URL schemes
     in public server list (boo#1182123)
   * Server: Fix Exit status for actions like --version or --supw
   * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

   - update apparmor profiles to get warning free again on 15.2
     - use abstractions for ssl files
     - allow inet dgram sockets as mumble can also work via udp
     - allow netlink socket (probably for dbus)
     - properly allow lsb_release again
     - add support for optional local include
   - start murmurd directly as user mumble-server it gets rid of the
     dac_override/setgid/setuid/chown permissions

   Update to upstream version 1.3.3

   Client:

   * Fixed: Chatbox invisble (zero height) (#4388)
   * Fixed: Handling of invalid packet sizes (#4394)
   * Fixed: Race-condition leading to loss of shortcuts (#4430)
   * Fixed: Link in About dialog is now clickable again (#4454)
   * Fixed: Sizing issues in ACL-Editor (#4455)
   * Improved: PulseAudio now always samples at 48 kHz (#4449)

   Server:

   * Fixed: Crash due to problems when using PostgreSQL (#4370)
   * Fixed: Handling of invalid package sizes (#4392)


   This update was imported from the openSUSE:Leap:15.2:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2021-312=1



Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

      mumble-1.3.4-bp152.2.6.1
      mumble-server-1.3.4-bp152.2.6.1

   - openSUSE Backports SLE-15-SP2 (aarch64_ilp32):

      mumble-64bit-1.3.4-bp152.2.6.1


References:

   https://bugzilla.suse.com/1180068
   https://bugzilla.suse.com/1182123