OPENSUSE-SU-2020:1016-1
Vulnerability from csaf_opensuse - Published: 2020-07-20 08:27 - Updated: 2020-07-20 08:27Summary
Security update for mumble
Notes
Title of the patch
Security update for mumble
Description of the patch
This update for mumble fixes the following issues:
mumble was updated 1.3.2:
* client: Fixed overlay not starting
Update to upstream version 1.3.1
- Security
* Fixed: Potential exploit in the OCB2 encryption (#4227)
boo#1174041
- ICE
* Fixed: Added missing UserKDFIterations field to UserInfo =>
Prevents getRegistration() from failing with enumerator
out of range error (#3835)
- GRPC
* Fixed: Segmentation fault during murmur shutdown (#3938)
- Client
* Fixed: Crash when using multiple monitors (#3756)
* Fixed: Don't send empty message from clipboard via shortcut,
if clipboard is empty (#3864)
* Fixed: Talking indicator being able to freeze to indicate talking
when self-muted (#4006)
* Fixed: High CPU usage for update-check if update server not
available (#4019)
* Fixed: DBus getCurrentUrl returning empty string when not in
root-channel (#4029)
* Fixed: Small parts of whispering leaking out (#4051)
* Fixed: Last audio frame of normal talking is sent to last
whisper target (#4050)
* Fixed: LAN-icon not found in ConnectDialog (#4058)
* Improved: Set maximal vertical size for User Volume Adjustment
dialog (#3801)
* Improved: Don't send empty data to PulseAudio (#3316)
* Improved: Use the SRV resolved port for UDP connections (#3820)
* Improved: Manual Plugin UI (#3919)
* Improved: Don't start Jack server by default (#3990)
* Improved: Overlay doesn't hook into all other processes by
default (#4041)
* Improved: Wait longer before disconnecting from a server due
to unanswered Ping-messages (#4123)
- Server
* Fixed: Possibility to circumvent max user-count
in channel (#3880)
* Fixed: Rate-limit implementation susceptible to
time-underflow (#4004)
* Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
* Fixed: VersionCheck for SQL for when to use the
WAL feature (#4163)
* Fixed: Wrong database encoding that could lead
to server-crash (#4220)
* Fixed: DB crash due to primary key violation
(now performs 'UPSERT' to avoid this) (#4105)
* Improved: The fields in the Version ProtoBuf message are
now size-restricted (#4101)
- use the 'profile profilename /path/to/binary' syntax to make
'ps aufxZ' more readable
Patchnames
openSUSE-2020-1016
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for mumble",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for mumble fixes the following issues:\n\nmumble was updated 1.3.2:\n\n* client: Fixed overlay not starting\n\nUpdate to upstream version 1.3.1\n\n- Security\n * Fixed: Potential exploit in the OCB2 encryption (#4227)\n boo#1174041\n\n- ICE\n\n * Fixed: Added missing UserKDFIterations field to UserInfo =\u003e\n Prevents getRegistration() from failing with enumerator\n out of range error (#3835)\n\n- GRPC\n\n * Fixed: Segmentation fault during murmur shutdown (#3938)\n\n- Client\n\n * Fixed: Crash when using multiple monitors (#3756)\n * Fixed: Don\u0027t send empty message from clipboard via shortcut,\n if clipboard is empty (#3864)\n * Fixed: Talking indicator being able to freeze to indicate talking\n when self-muted (#4006)\n * Fixed: High CPU usage for update-check if update server not\n available (#4019)\n * Fixed: DBus getCurrentUrl returning empty string when not in\n root-channel (#4029)\n * Fixed: Small parts of whispering leaking out (#4051)\n * Fixed: Last audio frame of normal talking is sent to last\n whisper target (#4050)\n * Fixed: LAN-icon not found in ConnectDialog (#4058)\n * Improved: Set maximal vertical size for User Volume Adjustment\n dialog (#3801)\n * Improved: Don\u0027t send empty data to PulseAudio (#3316)\n * Improved: Use the SRV resolved port for UDP connections (#3820)\n * Improved: Manual Plugin UI (#3919)\n * Improved: Don\u0027t start Jack server by default (#3990)\n * Improved: Overlay doesn\u0027t hook into all other processes by\n default (#4041)\n * Improved: Wait longer before disconnecting from a server due\n to unanswered Ping-messages (#4123)\n\n- Server\n\n * Fixed: Possibility to circumvent max user-count\n in channel (#3880)\n * Fixed: Rate-limit implementation susceptible to\n time-underflow (#4004)\n * Fixed: OpenSSL error 140E0197 with Qt \u003e= 5.12.2 (#4032)\n * Fixed: VersionCheck for SQL for when to use the\n WAL feature (#4163)\n * Fixed: Wrong database encoding that could lead\n to server-crash (#4220)\n * Fixed: DB crash due to primary key violation\n (now performs \u0027UPSERT\u0027 to avoid this) (#4105)\n * Improved: The fields in the Version ProtoBuf message are\n now size-restricted (#4101)\n\n- use the \u0027profile profilename /path/to/binary\u0027 syntax to make\n \u0027ps aufxZ\u0027 more readable\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1016",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1016-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1016-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OODU3GDLVHCIO2EXFIRC7B3L3H3DOQGM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1016-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OODU3GDLVHCIO2EXFIRC7B3L3H3DOQGM/"
},
{
"category": "self",
"summary": "SUSE Bug 1174041",
"url": "https://bugzilla.suse.com/1174041"
}
],
"title": "Security update for mumble",
"tracking": {
"current_release_date": "2020-07-20T08:27:56Z",
"generator": {
"date": "2020-07-20T08:27:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1016-1",
"initial_release_date": "2020-07-20T08:27:56Z",
"revision_history": [
{
"date": "2020-07-20T08:27:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "mumble-1.3.2-lp152.2.3.1.i586",
"product": {
"name": "mumble-1.3.2-lp152.2.3.1.i586",
"product_id": "mumble-1.3.2-lp152.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "mumble-server-1.3.2-lp152.2.3.1.i586",
"product": {
"name": "mumble-server-1.3.2-lp152.2.3.1.i586",
"product_id": "mumble-server-1.3.2-lp152.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "mumble-1.3.2-lp152.2.3.1.x86_64",
"product": {
"name": "mumble-1.3.2-lp152.2.3.1.x86_64",
"product_id": "mumble-1.3.2-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64",
"product": {
"name": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64",
"product_id": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "mumble-server-1.3.2-lp152.2.3.1.x86_64",
"product": {
"name": "mumble-server-1.3.2-lp152.2.3.1.x86_64",
"product_id": "mumble-server-1.3.2-lp152.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-1.3.2-lp152.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mumble-1.3.2-lp152.2.3.1.i586"
},
"product_reference": "mumble-1.3.2-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mumble-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mumble-32bit-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-server-1.3.2-lp152.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mumble-server-1.3.2-lp152.2.3.1.i586"
},
"product_reference": "mumble-server-1.3.2-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-server-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:mumble-server-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-server-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-1.3.2-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mumble-1.3.2-lp152.2.3.1.i586"
},
"product_reference": "mumble-1.3.2-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mumble-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mumble-32bit-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-32bit-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-server-1.3.2-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mumble-server-1.3.2-lp152.2.3.1.i586"
},
"product_reference": "mumble-server-1.3.2-lp152.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mumble-server-1.3.2-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:mumble-server-1.3.2-lp152.2.3.1.x86_64"
},
"product_reference": "mumble-server-1.3.2-lp152.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…