| |||||||||||||||||||
Mageia alert MGASA-2012-0248 (mumble)
MGASA-2012-0248 Date: August 30th, 2012 Affected releases: 2 Description: Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file (CVE-2012-0863). Additionally, the version of mumble shipped with Mageia 2 does not properly find and use the celt 0.7.1 library. This is the most common celt version and is required for communication with the Windows and OSX clients. This resulted in Mumble being able to connect fine, playback and record audio, appear as if everything is working perfectly, but then simply fail to play or send any audio. The updated packages fix these issues. Finally, the mumble-server-web package is being provided, as it was not provided initially with Mageia 2, and ICE support has been enabled. Updated Packages: mumble-1.2.3-2.3.mga2 mumble-11x-1.2.3-2.3.mga2 mumble-plugins-1.2.3-2.3.mga2 mumble-protocol-kde4-1.2.3-2.3.mga2 mumble-server-1.2.3-2.3.mga2 mumble-server-web-1.2.3-2.3.mga2 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201... http://www.debian.org/security/2012/dsa-2411 https://bugs.mageia.org/show_bug.cgi?id=6581 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-... (Log in to post comments)
|
|||||||||||||||||||