GLSA-201406-06 : Mumble: Multiple vulnerabilities
High Nessus Plugin ID 74371
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201406-06 (Mumble: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Mumble:
- A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the opus_packet_get_samples_per_frame function (CVE-2014-0044)
- A crafted packet can trigger an error in the opus_decode_float function, leading to a heap-based buffer overflow (CVE-2014-0045)
- A crafted SVG referencing local files can lead to resource exhaustion or hangs (CVE-2014-3755)
- Mumble does not properly escape HTML in some external strings before displaying them (CVE-2014-3756)
Impact :
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
Solution
All Mumble users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-sound/mumble-1.2.6'