Oval Definition:oval:org.opensuse.security:def:74502
Revision Date:2020-12-01Version:1
Title:Security update for mumble (Moderate)
Description:

This update for mumble fixes the following issues:

mumble was updated 1.3.2:

client: Fixed overlay not starting

Update to upstream version 1.3.1

- Security * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041

- ICE

* Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

- GRPC

* Fixed: Segmentation fault during murmur shutdown (#3938)

- Client

* Fixed: Crash when using multiple monitors (#3756) * Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864) * Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006) * Fixed: High CPU usage for update-check if update server not available (#4019) * Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029) * Fixed: Small parts of whispering leaking out (#4051) * Fixed: Last audio frame of normal talking is sent to last whisper target (#4050) * Fixed: LAN-icon not found in ConnectDialog (#4058) * Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801) * Improved: Don't send empty data to PulseAudio (#3316) * Improved: Use the SRV resolved port for UDP connections (#3820) * Improved: Manual Plugin UI (#3919) * Improved: Don't start Jack server by default (#3990) * Improved: Overlay doesn't hook into all other processes by default (#4041) * Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

- Server

* Fixed: Possibility to circumvent max user-count in channel (#3880) * Fixed: Rate-limit implementation susceptible to time-underflow (#4004) * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032) * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163) * Fixed: Wrong database encoding that could lead to server-crash (#4220) * Fixed: DB crash due to primary key violation (now performs 'UPSERT' to avoid this) (#4105) * Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101)

- use the 'profile profilename /path/to/binary' syntax to make 'ps aufxZ' more readable

Family:unixClass:patch
Status:Reference(s):1174041
1176410
1177143
CVE-2020-25219
CVE-2020-26154
openSUSE-SU-2020:1016-1
openSUSE-SU-2020:1676-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • mumble-1.3.2-lp152.2.3 is installed
  • OR mumble-32bit-1.3.2-lp152.2.3 is installed
  • OR mumble-server-1.3.2-lp152.2.3 is installed
    • BACK