Mageia alert MGASA-2012-0247 (mumble)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2012-0247: mumble-1.2.3-1.3.mga1 (1/core) 
Date:
    	     
 
Thu, 30 Aug 2012 12:20:49 +0200
Message-ID:
    	     
 
<20120830102049.GA16199@valstar.mageia.org>
Archive-link:
    	     
 
Article, Thread
              
MGASA-2012-0247
Date: 	August 30th, 2012
Affected releases: 	1


Description:
Updated mumble packages fix security vulnerability:

Mumble 1.2.3 and earlier uses world-readable permissions for
.local/share/data/Mumble/.mumble.sqlite files in home directories,
which might allow local users to obtain a cleartext password and
configuration data by reading a file (CVE-2012-0863).

Additionally, ICE support has been enabled.


Updated Packages:
mumble-1.2.3-1.3.mga1
mumble-11x-1.2.3-1.3.mga1
mumble-plugins-1.2.3-1.3.mga1
mumble-protocol-kde4-1.2.3-1.3.mga1
mumble-server-1.2.3-1.3.mga1
mumble-server-web-1.2.3-1.3.mga1


References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201...
http://www.debian.org/security/2012/dsa-2411
https://bugs.mageia.org/show_bug.cgi?id=6511
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...