openSUSE Security Update: Security update for mumble ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0312-1 Rating: moderate References: #1180068 #1182123 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mumble fixes the following issues: mumble was updated to 1.3.4: * Fix use of outdated (non-existent) notification icon names * Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123) * Server: Fix Exit status for actions like --version or --supw * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation - update apparmor profiles to get warning free again on 15.2 - use abstractions for ssl files - allow inet dgram sockets as mumble can also work via udp - allow netlink socket (probably for dbus) - properly allow lsb_release again - add support for optional local include - start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions Update to upstream version 1.3.3 Client: * Fixed: Chatbox invisble (zero height) (#4388) * Fixed: Handling of invalid packet sizes (#4394) * Fixed: Race-condition leading to loss of shortcuts (#4430) * Fixed: Link in About dialog is now clickable again (#4454) * Fixed: Sizing issues in ACL-Editor (#4455) * Improved: PulseAudio now always samples at 48 kHz (#4449) Server: * Fixed: Crash due to problems when using PostgreSQL (#4370) * Fixed: Handling of invalid package sizes (#4392) This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2021-312=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): mumble-1.3.4-bp152.2.6.1 mumble-server-1.3.4-bp152.2.6.1 - openSUSE Backports SLE-15-SP2 (aarch64_ilp32): mumble-64bit-1.3.4-bp152.2.6.1 References: https://bugzilla.suse.com/1180068 https://bugzilla.suse.com/1182123