Security update for mumble SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1439-1 Final 1 1 2020-09-16T10:22:57Z current 2020-09-16T10:22:57Z 2020-09-16T10:22:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for mumble This update for mumble fixes the following issues: mumble was updated 1.3.2: * client: Fixed overlay not starting Update to upstream version 1.3.1 - Security * Fixed: Potential exploit in the OCB2 encryption (#4227) boo#1174041 - ICE * Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835) - GRPC * Fixed: Segmentation fault during murmur shutdown (#3938) - Client * Fixed: Crash when using multiple monitors (#3756) * Fixed: Don't send empty message from clipboard via shortcut, if clipboard is empty (#3864) * Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006) * Fixed: High CPU usage for update-check if update server not available (#4019) * Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029) * Fixed: Small parts of whispering leaking out (#4051) * Fixed: Last audio frame of normal talking is sent to last whisper target (#4050) * Fixed: LAN-icon not found in ConnectDialog (#4058) * Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801) * Improved: Don't send empty data to PulseAudio (#3316) * Improved: Use the SRV resolved port for UDP connections (#3820) * Improved: Manual Plugin UI (#3919) * Improved: Don't start Jack server by default (#3990) * Improved: Overlay doesn't hook into all other processes by default (#4041) * Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123) - Server * Fixed: Possibility to circumvent max user-count in channel (#3880) * Fixed: Rate-limit implementation susceptible to time-underflow (#4004) * Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032) * Fixed: VersionCheck for SQL for when to use the WAL feature (#4163) * Fixed: Wrong database encoding that could lead to server-crash (#4220) * Fixed: DB crash due to primary key violation (now performs 'UPSERT' to avoid this) (#4105) * Improved: The fields in the Version ProtoBuf message are now size-restricted (#4101) - use the 'profile profilename /path/to/binary' syntax to make 'ps aufxZ' more readable This update was imported from the openSUSE:Leap:15.1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1439 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YHGVKI35Y2ULNMWU6UGACOYKTMQUFTCO/ E-Mail link for openSUSE-SU-2020:1439-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1174041 SUSE Bug 1174041 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 mumble-1.3.2-bp152.2.3.1 mumble-64bit-1.3.2-bp152.2.3.1 mumble-server-1.3.2-bp152.2.3.1 mumble-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP1 mumble-64bit-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP1 mumble-server-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP1 mumble-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 mumble-64bit-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2 mumble-server-1.3.2-bp152.2.3.1 as a component of SUSE Package Hub 15 SP2