openSUSE security update: security update for mumble
-------------------------------------------------------------
Announcement ID: openSUSE-SU-2026:20394-1
Rating: low
References:
  * bsc#1259721
Cross-References:
  * CVE-2025-71264
Affected Products: openSUSE Leap 16.0
-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for mumble fixes the following issues:

Changes in mumble:

- CVE-2025-71264: (opus) incorrect size calculations allow for an out-of-bounds array access and can lead to a client crash (boo#1259721)
- Update to version 1.5.857:
  * fixes for undesired ACL behavior
  * Client bug fixes: UI, memory leaks, audio mute/volume behavior

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

    zypper in -t patch openSUSE-Leap-16.0-packagehub-173=1

Package List:

- openSUSE Leap 16.0:
    mumble-1.5.857-bp160.1.1
    mumble-server-1.5.857-bp160.1.1

References:

* https://www.suse.com/security/cve/CVE-2025-71264.html

An openSUSE update for mumble addresses a low-level issue with a client crash due to incorrect size calculations.

openSUSE mumble security client crash low severity.

Severity: Low.

LinuxSecurity.com Team

# mumble-1.5.857-2.1 on GA media

Announcement ID: openSUSE-SU-2026:10388-1
Rating: moderate

Cross-References:

* CVE-2025-71264

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the mumble-1.5.857-2.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
  * mumble 1.5.857-2.1
  * mumble-server 1.5.857-2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71264.html

Update for openSUSE Tumbleweed addresses moderate vulnerability in mumble-1.5.857-2.1, ensuring system integrity.

openSUSE Tumbleweed, mumble security, moderate threat, software update.

LinuxSecurity.com Team

=========================================================================
Ubuntu Security Notice USN-5195-1
December 16, 2021

mumble vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

A security issue was fixed in Mumble.

Software Description:

- mumble: Low latency encrypted VoIP client

Details:

It was discovered that the Mumble client supported websites for public servers with arbitrary URL schemes. If a user were tricked into visiting a malicious website from the public server list, a remote attacker could possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  mumble 1.3.0+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS:
  mumble 1.2.19-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:

  https://ubuntu.com/security/notices/USN-5195-1
  CVE-2021-27229

Package Information:

  https://launchpad.net/ubuntu/+source/mumble/1.3.0+dfsg-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/mumble/1.2.19-1ubuntu1.1

Upgrade your Ubuntu system to address the Mumble vulnerability and mitigate any possible threats of code execution.

Mumble Security, Ubuntu Threats, Remote Code Execution, Update Ubuntu, Security Advisory.

Severity: Important.

LinuxSecurity.com Team

MGASA-2021-0125 - Updated mumble packages fix a security vulnerability

Publication date: 12 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0125.html
Type: security
Affected Mageia releases: 7, 8
CVE: CVE-2021-27229

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text (CVE-2021-27229).

References:

- https://bugs.mageia.org/show_bug.cgi?id=28450
- https://lists.debian.org/debian-lts-announce/2021/02/msg00022.html
- https://www.cve.org/CVERecord?id=CVE-2021-27229

SRPMS:

- 7/core/mumble-1.3.4-1.mga7
- 8/core/mumble-1.3.4-1.mga8

Recent updates to mumble packages in Mageia tackle a vulnerability linked to remote code execution, bolstering protections for the system against potential threats.

Mumble Update, Mageia Security, Remote Code Execution, Software Security Update.

Severity: Critical.

LinuxSecurity.com Team

Arch Linux Security Advisory ASA-202102-32
=========================================

Severity: Medium
Date    : 2021-02-20
CVE-ID  : CVE-2021-27229
Package : mumble
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1576

Summary
======

The package mumble before version 1.3.4-1 is vulnerable to arbitrary code execution.

Resolution
=========

Upgrade to 1.3.4-1.

    # pacman -Syu "mumble>=1.3.4-1"

The problem has been fixed upstream in version 1.3.4.

Workaround
=========

None.

Description
==========

Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text.

Impact
=====

A remote attacker is able to execute arbitrary code by tricking the user into opening the web page text of a server list.

References
=========

https://github.com/mumble-voip/mumble/pull/4733
https://github.com/mumble-voip/mumble/commit/e59ee87abe249f345908c7d568f6879d16bfd648
https://security.archlinux.org/CVE-2021-27229

Arch Linux Security Notice ASA-202103-47. Mumble software versions prior to 1.3.5-2 are exposed to potential remote execution threats.

Arch Linux Security Advisory, Mumble Package, Remote Code Execution, Arbitrary Code Execution.

Severity: Medium.

LinuxSecurity.com Team

openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0312-1
Rating: moderate
References: #1180068 #1182123
Affected Products: openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for mumble fixes the following issues:

mumble was updated to 1.3.4:

* Fix use of outdated (non-existent) notification icon names
* Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123)
* Server: Fix Exit status for actions like --version or --supw
* Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

- update apparmor profiles to get warning free again on 15.2
- use abstractions for ssl files
- allow inet dgram sockets as mumble can also work via udp
- allow netlink socket (probably for dbus)
- properly allow lsb_release again
- add support for optional local include
- start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions

Update to upstream version 1.3.3

Client:

* Fixed: Chatbox invisible (zero height) (#4388)
* Fixed: Handling of invalid packet sizes (#4394)
* Fixed: Race-condition leading to loss of shortcuts (#4430)
* Fixed: Link in About dialog is now clickable again (#4454)
* Fixed: Sizing issues in ACL-Editor (#4455)
* Improved: PulseAudio now always samples at 48 kHz (#4449)

Server:

* Fixed: Crash due to problems when using PostgreSQL (#4370)
* Fixed: Handling of invalid package sizes (#4392)

This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

    zypper in -t patch openSUSE-2021-312=1

Package List:

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
    mumble-1.3.4-bp152.2.6.1
    mumble-server-1.3.4-bp152.2.6.1

- openSUSE Backports SLE-15-SP2 (aarch64_ilp32):
    mumble-64bit-1.3.4-bp152.2.6.1

References:

https://bugzilla.suse.com/1180068
https://bugzilla.suse.com/1182123

The latest Mumble update on openSUSE tackles security vulnerabilities, implements enhanced moderation functionalities, and boosts overall performance.

openSUSE Security, mumble Update, security Fix, moderate Issue.

LinuxSecurity.com Team

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-8372f6bae4
2020-10-05 17:31:54.046734
--------------------------------------------------------------------------------

Name        : mumble
Product     : Fedora 32
Version     : 1.3.2
Release     : 1.fc32
URL         : https://www.mumble.info/
Summary     : Voice chat suite aimed at gamers
Description :
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players.

--------------------------------------------------------------------------------
Update Information:

Mumble 1.3.2.
===

Client

* Fixed: Overlay not starting (#4282)

Server

* Fixed: keychain-error on macOS for custom certificates (#4345)

Known issues

* Overlay blocked by BattleEye. A request to whitelist it has been made.
* Overlay blocked by CS:GO Trusted Mode

--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 25 2020 Carl George - 1.3.2-1
- Latest upstream
- Add upstream patch for push-to-talk dbus calls
* Thu Sep 24 2020 Adrian Reber - 1.3.0-7
- Rebuilt for protobuf 3.13
* Sat Aug 1 2020 Fedora Release Engineering - 1.3.0-6
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering - 1.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun Jun 14 2020 Adrian Reber - 1.3.0-4
- Rebuilt for protobuf 3.12
* Wed Jun 3 2020 Rex Dieter - 1.3.0-3
- mumble: drop qt5-qtbase-sqlite dep (#1832458)
* Fri Apr 24 2020 Rex Dieter - 1.3.0-2
- fix Qt5 deps

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1417576 - Push-to-talk not working with Wayland
        https://bugzilla.redhat.com/show_bug.cgi?id=1417576
  [ 2 ] Bug #1823111 - mumble-1.3.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1823111
  [ 3 ] Bug #1849735 - CVE-2020-13962 mumble: qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1849735

--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use

    su -c 'dnf upgrade --advisory FEDORA-2020-8372f6bae4'

at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/

openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1439-2
Rating: moderate
References: #1174041
Affected Products: openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for mumble fixes the following issues:

mumble was updated to 1.3.2:

* client: Fixed overlay not starting

Update to upstream version 1.3.1

- Security
  * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041
- ICE
  * Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)
- GRPC
  * Fixed: Segmentation fault during murmur shutdown (#3938)
- Client
  * Fixed: Crash when using multiple monitors (#3756)
  * Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864)
  * Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
  * Fixed: High CPU usage for update-check if update server not available (#4019)
  * Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
  * Fixed: Small parts of whispering leaking out (#4051)
  * Fixed: Last audio frame of normal talking is sent to last whisper target (#4050)
  * Fixed: LAN-icon not found in ConnectDialog (#4058)
  * Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
  * Improved: Don't send empty data to PulseAudio (#3316)
  * Improved: Use the SRV resolved port for UDP connections (#3820)
  * Improved: Manual Plugin UI (#3919)
  * Improved: Don't start Jack server by default (#3990)
  * Improved: Overlay doesn't hook into all other processes by default (#4041)
  * Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)
- Server
  * Fixed: Possibility to circumvent max user-count in channel (#3880)
  * Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
  * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
  * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
  * Fixed: Wrong database encoding that could lead to server-crash (#4220)
  * Fixed: DB crash due to primary key violation (now performs "UPSERT" to avoid this) (#4105)
  * Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101)

- use the "profile profilename /path/to/binary" syntax to make "ps aufxZ" more readable

This update was imported from the openSUSE:Leap:15.1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

    zypper in -t patch openSUSE-2020-1439=1

Package List:

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
    mumble-1.3.2-bp152.2.3.1
    mumble-debuginfo-1.3.2-bp152.2.3.1
    mumble-debugsource-1.3.2-bp152.2.3.1
    mumble-server-1.3.2-bp152.2.3.1
    mumble-server-debuginfo-1.3.2-bp152.2.3.1

- openSUSE Backports SLE-15-SP2 (aarch64_ilp32):
    mumble-64bit-1.3.2-bp152.2.3.1
    mumble-64bit-debuginfo-1.3.2-bp152.2.3.1

References:

https://bugzilla.suse.com/1174041

Critical notification for Mumble on openSUSE regarding security vulnerabilities and improved reliability, update immediately.

openSUSE Security, Mumble Update, Security Fixes, System Enhancements.

LinuxSecurity.com Team