openSUSE-SU-2021:0300-1: moderate: Security update for mumble
openSUSE Security Update: Security update for mumble
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0300-1
Rating: moderate
References: #1180068 #1182123
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for mumble fixes the following issues:
mumble was updated to 1.3.4:
* Fix use of outdated (non-existent) notification icon names
* Fix Security vulnerability caused by allowing non http/https URL schemes
in public server list (boo#1182123)
* Server: Fix Exit status for actions like --version or --supw
* Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation
- update apparmor profiles to get warning free again on 15.2
- use abstractions for ssl files
- allow inet dgram sockets as mumble can also work via udp
- allow netlink socket (probably for dbus)
- properly allow lsb_release again
- add support for optional local include
- start murmurd directly as user mumble-server it gets rid of the
dac_override/setgid/setuid/chown permissions
Update to upstream version 1.3.3
Client:
* Fixed: Chatbox invisble (zero height) (#4388)
* Fixed: Handling of invalid packet sizes (#4394)
* Fixed: Race-condition leading to loss of shortcuts (#4430)
* Fixed: Link in About dialog is now clickable again (#4454)
* Fixed: Sizing issues in ACL-Editor (#4455)
* Improved: PulseAudio now always samples at 48 kHz (#4449)
Server:
* Fixed: Crash due to problems when using PostgreSQL (#4370)
* Fixed: Handling of invalid package sizes (#4392)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-300=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
mumble-1.3.4-lp152.2.6.1
mumble-debuginfo-1.3.4-lp152.2.6.1
mumble-debugsource-1.3.4-lp152.2.6.1
mumble-server-1.3.4-lp152.2.6.1
mumble-server-debuginfo-1.3.4-lp152.2.6.1
- openSUSE Leap 15.2 (x86_64):
mumble-32bit-1.3.4-lp152.2.6.1
mumble-32bit-debuginfo-1.3.4-lp152.2.6.1
References:
https://bugzilla.suse.com/1180068
https://bugzilla.suse.com/1182123
A mumble security update has been released for openSUSE Leap 15.2.