openSUSE Security Update : mumble (openSUSE-2020-1016)

medium Nessus Plugin ID 138785

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for mumble fixes the following issues:

mumble was updated to 1.3.2:

- client: Fixed overlay not starting

Update to upstream version 1.3.1

- Security

  - Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041

- ICE

  - Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)

- GRPC

  - Fixed: Segmentation fault during murmur shutdown (#3938)

- Client

  - Fixed: Crash when using multiple monitors (#3756)

  - Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864)

  - Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)

  - Fixed: High CPU usage for update-check if update server not available (#4019)

  - Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)

  - Fixed: Small parts of whispering leaking out (#4051)

  - Fixed: Last audio frame of normal talking is sent to last whisper target (#4050)

  - Fixed: LAN-icon not found in ConnectDialog (#4058)

  - Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)

  - Improved: Don't send empty data to PulseAudio (#3316)

  - Improved: Use the SRV resolved port for UDP connections (#3820)

  - Improved: Manual Plugin UI (#3919)

  - Improved: Don't start Jack server by default (#3990)

  - Improved: Overlay doesn't hook into all other processes by default (#4041)

  - Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)

- Server

  - Fixed: Possibility to circumvent max user-count in channel (#3880)

  - Fixed: Rate-limit implementation susceptible to time-underflow (#4004)

  - Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)

  - Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)

  - Fixed: Wrong database encoding that could lead to server-crash (#4220)

  - Fixed: DB crash due to primary key violation (now performs 'UPSERT' to avoid this) (#4105)

  - Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101)

- use the 'profile profilename /path/to/binary' syntax to make 'ps aufxZ' more readable

Solution

Update the affected mumble packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1174041

Plugin Details

Severity: Medium

ID: 138785

File Name: openSUSE-2020-1016.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/21/2020

Updated: 7/21/2020

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mumble-32bit, p-cpe:/a:novell:opensuse:mumble-32bit-debuginfo, cpe:/o:novell:opensuse:15.1, cpe:/o:novell:opensuse:15.2, p-cpe:/a:novell:opensuse:mumble-server, p-cpe:/a:novell:opensuse:mumble-debuginfo, p-cpe:/a:novell:opensuse:mumble, p-cpe:/a:novell:opensuse:mumble-debugsource, p-cpe:/a:novell:opensuse:mumble-server-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/20/2020

Vulnerability Publication Date: 7/20/2020