A mumble security update has been released for SUSE Linux Enterprise 15 SP2.

openSUSE-SU-2021:0312-1: moderate: Security update for mumble

openSUSE Security Update: Security update for mumble
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0312-1
Rating: moderate
References: #1180068 #1182123
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for mumble fixes the following issues:

mumble was updated to 1.3.4:

* Fix use of outdated (non-existent) notification icon names
* Fix Security vulnerability caused by allowing non http/https URL schemes
in public server list (boo#1182123)
* Server: Fix Exit status for actions like --version or --supw
* Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

- update apparmor profiles to get warning free again on 15.2
- use abstractions for ssl files
- allow inet dgram sockets as mumble can also work via udp
- allow netlink socket (probably for dbus)
- properly allow lsb_release again
- add support for optional local include
- start murmurd directly as user mumble-server it gets rid of the
dac_override/setgid/setuid/chown permissions

Update to upstream version 1.3.3

Client:

* Fixed: Chatbox invisble (zero height) (#4388)
* Fixed: Handling of invalid packet sizes (#4394)
* Fixed: Race-condition leading to loss of shortcuts (#4430)
* Fixed: Link in About dialog is now clickable again (#4454)
* Fixed: Sizing issues in ACL-Editor (#4455)
* Improved: PulseAudio now always samples at 48 kHz (#4449)

Server:

* Fixed: Crash due to problems when using PostgreSQL (#4370)
* Fixed: Handling of invalid package sizes (#4392)

This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-312=1


Package List:

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

mumble-1.3.4-bp152.2.6.1
mumble-server-1.3.4-bp152.2.6.1

- openSUSE Backports SLE-15-SP2 (aarch64_ilp32):

mumble-64bit-1.3.4-bp152.2.6.1

References:

  https://bugzilla.suse.com/1180068
  https://bugzilla.suse.com/1182123