MGASA-2012-0248
| Date: | August 30th, 2012 |
| Affected releases: | 2 |
Description:
Mumble 1.2.3 and earlier uses world-readable permissions for
.local/share/data/Mumble/.mumble.sqlite files in home directories,
which might allow local users to obtain a cleartext password and
configuration data by reading a file (CVE-2012-0863).
Additionally, the version of mumble shipped with Mageia 2 does not
properly find and use the celt 0.7.1 library. This is the most common
celt version and is required for communication with the Windows and OSX
clients. This resulted in Mumble being able to connect fine, playback
and record audio, appear as if everything is working perfectly, but
then simply fail to play or send any audio.
The updated packages fix these issues.
Finally, the mumble-server-web package is being provided, as it was not
provided initially with Mageia 2, and ICE support has been enabled.
Updated Packages:
mumble-1.2.3-2.3.mga2
mumble-11x-1.2.3-2.3.mga2
mumble-plugins-1.2.3-2.3.mga2
mumble-protocol-kde4-1.2.3-2.3.mga2
mumble-server-1.2.3-2.3.mga2
mumble-server-web-1.2.3-2.3.mga2
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0863
http://www.debian.org/security/2012/dsa-2411
https://bugs.mageia.org/show_bug.cgi?id=6581
