openSUSE Security Update : mumble (openSUSE-2021-300)

medium Nessus Plugin ID 146715

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for mumble fixes the following issues :

mumble was updated to 1.3.4 :

- Fix use of outdated (non-existent) notification icon names

- Fix security vulnerability caused by allowing non-http/https URL schemes in the public server list (boo#1182123)

- Server: Fix exit status for actions like --version or --supw

- Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

- update apparmor profiles to get warning free again on 15.2

- use abstractions for ssl files

- allow inet dgram sockets as mumble can also work via udp

- allow netlink socket (probably for dbus)

- properly allow lsb_release again

- add support for optional local include

- start murmurd directly as user mumble-server; this gets rid of the dac_override/setgid/setuid/chown permissions

Update to upstream version 1.3.3

Client :

- Fixed: Chatbox invisible (zero height) (#4388)

- Fixed: Handling of invalid packet sizes (#4394)

- Fixed: Race-condition leading to loss of shortcuts (#4430)

- Fixed: Link in About dialog is now clickable again (#4454)

- Fixed: Sizing issues in ACL-Editor (#4455)

- Improved: PulseAudio now always samples at 48 kHz (#4449)

Server :

- Fixed: Crash due to problems when using PostgreSQL (#4370)

- Fixed: Handling of invalid package sizes (#4392)

Solution

Update the affected mumble packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1180068

https://bugzilla.opensuse.org/show_bug.cgi?id=1182123

Plugin Details

Severity: Medium

ID: 146715

File Name: openSUSE-2021-300.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/22/2021

Updated: 2/22/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mumble, p-cpe:/a:novell:opensuse:mumble-32bit, p-cpe:/a:novell:opensuse:mumble-32bit-debuginfo, p-cpe:/a:novell:opensuse:mumble-debuginfo, p-cpe:/a:novell:opensuse:mumble-debugsource, p-cpe:/a:novell:opensuse:mumble-server, p-cpe:/a:novell:opensuse:mumble-server-debuginfo, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/16/2021

Vulnerability Publication Date: 2/16/2021