|
|
Log in / Subscribe / Register

openSUSE alert openSUSE-SU-2021:0300-1 (mumble)



From:
              opensuse-security@opensuse.org


To:
              opensuse-updates@opensuse.org


Subject:
              openSUSE-SU-2021:0300-1: moderate: Security update for mumble


Date:
              Tue, 16 Feb 2021 15:15:41 +0100


Message-ID:
              <20210216141541.55F51FFB4@maintenance.suse.de>


Archive-link:
              Article


   openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0300-1
Rating:             moderate
References:         #1180068 #1182123 
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for mumble fixes the following issues:

   mumble was updated to 1.3.4:

   * Fix use of outdated (non-existent) notification icon names
   * Fix Security vulnerability caused by allowing non http/https URL schemes
     in public server list (boo#1182123)
   * Server: Fix Exit status for actions like --version or --supw
   * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

   - update apparmor profiles to get warning free again on 15.2
     - use abstractions for ssl files
     - allow inet dgram sockets as mumble can also work via udp
     - allow netlink socket (probably for dbus)
     - properly allow lsb_release again
     - add support for optional local include
   - start murmurd directly as user mumble-server it gets rid of the
     dac_override/setgid/setuid/chown permissions

   Update to upstream version 1.3.3

   Client:

   * Fixed: Chatbox invisble (zero height) (#4388)
   * Fixed: Handling of invalid packet sizes (#4394)
   * Fixed: Race-condition leading to loss of shortcuts (#4430)
   * Fixed: Link in About dialog is now clickable again (#4454)
   * Fixed: Sizing issues in ACL-Editor (#4455)
   * Improved: PulseAudio now always samples at 48 kHz (#4449)

   Server:

   * Fixed: Crash due to problems when using PostgreSQL (#4370)
   * Fixed: Handling of invalid package sizes (#4392)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-300=1



Package List:

   - openSUSE Leap 15.2 (i586 x86_64):

      mumble-1.3.4-lp152.2.6.1
      mumble-debuginfo-1.3.4-lp152.2.6.1
      mumble-debugsource-1.3.4-lp152.2.6.1
      mumble-server-1.3.4-lp152.2.6.1
      mumble-server-debuginfo-1.3.4-lp152.2.6.1

   - openSUSE Leap 15.2 (x86_64):

      mumble-32bit-1.3.4-lp152.2.6.1
      mumble-32bit-debuginfo-1.3.4-lp152.2.6.1


References:

   https://bugzilla.suse.com/1180068
   https://bugzilla.suse.com/1182123
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds