Detections
Analytics

openSUSE Security Update : mumble (openSUSE-2021-300)

medium Nessus Plugin ID 146715

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for mumble fixes the following issues :

mumble was updated to 1.3.4 :

 - Fix use of outdated (non-existent) notification icon names

 - Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123)

 - Server: Fix Exit status for actions like --version or
 --supw

 - Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation

 - update apparmor profiles to get warning free again on 15.2

 - use abstractions for ssl files

 - allow inet dgram sockets as mumble can also work via udp

 - allow netlink socket (probably for dbus)

 - properly allow lsb_release again

 - add support for optional local include

 - start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions

Update to upstream version 1.3.3

Client :

 - Fixed: Chatbox invisble (zero height) (#4388)

 - Fixed: Handling of invalid packet sizes (#4394)

 - Fixed: Race-condition leading to loss of shortcuts (#4430)

 - Fixed: Link in About dialog is now clickable again (#4454)

 - Fixed: Sizing issues in ACL-Editor (#4455)

 - Improved: PulseAudio now always samples at 48 kHz (#4449)

Server :

 - Fixed: Crash due to problems when using PostgreSQL (#4370)

 - Fixed: Handling of invalid package sizes (#4392)

Solution

Update the affected mumble packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1180068

https://bugzilla.opensuse.org/show_bug.cgi?id=1182123

Plugin Details

Severity: Medium

ID: 146715

File Name: openSUSE-2021-300.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/22/2021

Updated: 2/22/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:mumble, p-cpe:/a:novell:opensuse:mumble-32bit, p-cpe:/a:novell:opensuse:mumble-server, p-cpe:/a:novell:opensuse:mumble-32bit-debuginfo, p-cpe:/a:novell:opensuse:mumble-debuginfo, p-cpe:/a:novell:opensuse:mumble-debugsource, p-cpe:/a:novell:opensuse:mumble-server-debuginfo, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/16/2021

Vulnerability Publication Date: 2/16/2021