openSUSE Security Update: Security update for mumble ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0300-1 Rating: moderate References: #1180068 #1182123 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for mumble fixes the following issues: mumble was updated to 1.3.4: * Fix use of outdated (non-existent) notification icon names * Fix Security vulnerability caused by allowing non http/https URL schemes in public server list (boo#1182123) * Server: Fix Exit status for actions like --version or --supw * Fix packet loss & audio artifacts caused by OCB2 XEX* mitigation - update apparmor profiles to get warning free again on 15.2 - use abstractions for ssl files - allow inet dgram sockets as mumble can also work via udp - allow netlink socket (probably for dbus) - properly allow lsb_release again - add support for optional local include - start murmurd directly as user mumble-server it gets rid of the dac_override/setgid/setuid/chown permissions Update to upstream version 1.3.3 Client: * Fixed: Chatbox invisble (zero height) (#4388) * Fixed: Handling of invalid packet sizes (#4394) * Fixed: Race-condition leading to loss of shortcuts (#4430) * Fixed: Link in About dialog is now clickable again (#4454) * Fixed: Sizing issues in ACL-Editor (#4455) * Improved: PulseAudio now always samples at 48 kHz (#4449) Server: * Fixed: Crash due to problems when using PostgreSQL (#4370) * Fixed: Handling of invalid package sizes (#4392) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-300=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): mumble-1.3.4-lp152.2.6.1 mumble-debuginfo-1.3.4-lp152.2.6.1 mumble-debugsource-1.3.4-lp152.2.6.1 mumble-server-1.3.4-lp152.2.6.1 mumble-server-debuginfo-1.3.4-lp152.2.6.1 - openSUSE Leap 15.2 (x86_64): mumble-32bit-1.3.4-lp152.2.6.1 mumble-32bit-debuginfo-1.3.4-lp152.2.6.1 References: https://bugzilla.suse.com/1180068 https://bugzilla.suse.com/1182123