Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.0633
mumble security update
19 February 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: mumble
Publisher: Debian
Operating System: Debian GNU/Linux
Linux variants
Windows
Mac OS
Impact/Access: Execute Arbitrary Code/Commands -- Unknown/Unspecified
Resolution: Patch/Upgrade
CVE Names: CVE-2021-27229
Original Bulletin:
https://lists.debian.org/debian-lts-announce/2021/02/msg00022.html
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running mumble check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2562-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
February 18, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : mumble
Version : 1.2.18-1+deb9u2
CVE ID : CVE-2021-27229
Debian Bug : #982904
It was discovered that there was a a remote code execution
vulnerability in mumble, a VoIP client commonly used for group chats.
The exploit could have been been triggered by a maliciously crafted
URL on the server list.
For Debian 9 "Stretch", this problem has been fixed in version
1.2.18-1+deb9u2.
We recommend that you upgrade your mumble packages.
For the detailed security status of mumble please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mumble
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmAuUZQACgkQHpU+J9Qx
Hlg+lQ/+KAdtDc6cmP5270SFIq5ER2UB1Tebf3Y+uEK2d1L7qlFT/Kocm1WH+3NV
HYffrNFVkQEQaS6lK24ikjYvFNl05S2DoMtwLpgGfdRLBbW6p72oTK58bvurl61r
CtG5rczw+7tUTfNBsvow2PLxgpL2Nl/+HpcTkBYuXfS3pbWNIWoguP43cDpy7ljR
1p0Y1lSIGBhxXjdgLJQKvVELMQX0mVFuSXK6z9gA0YStz4qzgj1PswhGJC6uqcqU
u9B5Gbs8NpWGadxYzeSMk1Dpv2LdyrkyCEEJrWY0iIPc6r7w1cn/aUaqiKHi6tAv
FyCKlkQVv3vcHx30jSYS4L+HBevnhxys+eaLFV+CJ7cSY5CtEsldwzmuOIY4sb0H
sfHtwC2Uf/Z51lStTtsS5/lQI+zJbINAn/F3TsG0PgYTDaiW4lHZAOBbrQ5WM/4C
CGx2fBqDtQyMtgJEhhox+NAq+jwKL0RKEfwEpqwcsFpezgiOB5z5ZKI2rZZ+9qJp
v+li2ycOzmvHNhLAxSbodorluNBdVfbdkRlcHBrhY9PRWqHLQb2eo3hijMI9UIia
zLaF8YOH+wcJwiSNppZfinAGPfWAu02YrK04BTiQl0QAiM1FknLbVnBiMo8uGDBk
7DYvwVXCV3Tg52xbybJIdl+iZfjThiLELhVchOn2Ft9xjD0k//U=
=OiNH
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYC9GH+NLKJtyKPYoAQhISw//ZSK/k9VG8NCcAmmBqzx0V1ydqkrmGiDQ
5DwVnQBoPqn3IBgHZq0umkw0QDGtd7cWdUZN5PV3BHS5smjAyWxkMhkpRiPbGbZZ
fEOh3ZZIYUCB72J034dnvAsbO/x0y20tDPDqRYjtZ5CJPU7BsfivhhMINLZnGe4U
PLAspQvmzqqHxilA9zTFfNX7I/jaSbqFM3yZwmAQ9R4eRNYDhOeD+YbxNieIH7BZ
iMdcRy5CJ9vP7+xnvddmRqkjW5mRW8CYQOgHqC8Thd4GRQ2CvTxaXiTs7hbYS7S/
neaWs6NV4nYnRW/QTrJuZ1SKPsI4lTl7Wen5XCIhOXdl600fmnGxErw/KyYZWTOY
VA7PMgQHxJdjg3WZeLpgAP1rCdhG+y/+YQUQntwl9VSoeuivrMtA9bGulVlvUJsR
LTdMvYVC0UquA+fGkom/HsYg9tNJYMcGWGjAZt7jp3U0hy0qW0Fmp2ab2sqTV8X9
9gRpE7btJ5+aP1qPklHTCXnZV/v8zhCSDAshiWd/iAN8k5CMz1JPQNOl4PwI8Ri4
0aQnCbZ/uWsZ+V/Ft7PPPt9aKRvW/H8OSvPNt/bEG3Iaab0Ax2JgKkSQAXtWbkkZ
HppN4SxtBpq+mrgAZN/agCD/1Gp4PE3/6tKbYbaazMPkEiQw+lclv5gMh+0m4ddq
DJQfoQTMn9A=
=6/6d
-----END PGP SIGNATURE-----