Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.0633 mumble security update 19 February 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: mumble Publisher: Debian Operating System: Debian GNU/Linux Linux variants Windows Mac OS Impact/Access: Execute Arbitrary Code/Commands -- Unknown/Unspecified Resolution: Patch/Upgrade CVE Names: CVE-2021-27229 Original Bulletin: https://lists.debian.org/debian-lts-announce/2021/02/msg00022.html Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running mumble check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2562-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb February 18, 2021 https://wiki.debian.org/LTS - - ------------------------------------------------------------------------- Package : mumble Version : 1.2.18-1+deb9u2 CVE ID : CVE-2021-27229 Debian Bug : #982904 It was discovered that there was a a remote code execution vulnerability in mumble, a VoIP client commonly used for group chats. The exploit could have been been triggered by a maliciously crafted URL on the server list. For Debian 9 "Stretch", this problem has been fixed in version 1.2.18-1+deb9u2. We recommend that you upgrade your mumble packages. For the detailed security status of mumble please refer to its security tracker page at: https://security-tracker.debian.org/tracker/mumble Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmAuUZQACgkQHpU+J9Qx Hlg+lQ/+KAdtDc6cmP5270SFIq5ER2UB1Tebf3Y+uEK2d1L7qlFT/Kocm1WH+3NV HYffrNFVkQEQaS6lK24ikjYvFNl05S2DoMtwLpgGfdRLBbW6p72oTK58bvurl61r CtG5rczw+7tUTfNBsvow2PLxgpL2Nl/+HpcTkBYuXfS3pbWNIWoguP43cDpy7ljR 1p0Y1lSIGBhxXjdgLJQKvVELMQX0mVFuSXK6z9gA0YStz4qzgj1PswhGJC6uqcqU u9B5Gbs8NpWGadxYzeSMk1Dpv2LdyrkyCEEJrWY0iIPc6r7w1cn/aUaqiKHi6tAv FyCKlkQVv3vcHx30jSYS4L+HBevnhxys+eaLFV+CJ7cSY5CtEsldwzmuOIY4sb0H sfHtwC2Uf/Z51lStTtsS5/lQI+zJbINAn/F3TsG0PgYTDaiW4lHZAOBbrQ5WM/4C CGx2fBqDtQyMtgJEhhox+NAq+jwKL0RKEfwEpqwcsFpezgiOB5z5ZKI2rZZ+9qJp v+li2ycOzmvHNhLAxSbodorluNBdVfbdkRlcHBrhY9PRWqHLQb2eo3hijMI9UIia zLaF8YOH+wcJwiSNppZfinAGPfWAu02YrK04BTiQl0QAiM1FknLbVnBiMo8uGDBk 7DYvwVXCV3Tg52xbybJIdl+iZfjThiLELhVchOn2Ft9xjD0k//U= =OiNH - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYC9GH+NLKJtyKPYoAQhISw//ZSK/k9VG8NCcAmmBqzx0V1ydqkrmGiDQ 5DwVnQBoPqn3IBgHZq0umkw0QDGtd7cWdUZN5PV3BHS5smjAyWxkMhkpRiPbGbZZ fEOh3ZZIYUCB72J034dnvAsbO/x0y20tDPDqRYjtZ5CJPU7BsfivhhMINLZnGe4U PLAspQvmzqqHxilA9zTFfNX7I/jaSbqFM3yZwmAQ9R4eRNYDhOeD+YbxNieIH7BZ iMdcRy5CJ9vP7+xnvddmRqkjW5mRW8CYQOgHqC8Thd4GRQ2CvTxaXiTs7hbYS7S/ neaWs6NV4nYnRW/QTrJuZ1SKPsI4lTl7Wen5XCIhOXdl600fmnGxErw/KyYZWTOY VA7PMgQHxJdjg3WZeLpgAP1rCdhG+y/+YQUQntwl9VSoeuivrMtA9bGulVlvUJsR LTdMvYVC0UquA+fGkom/HsYg9tNJYMcGWGjAZt7jp3U0hy0qW0Fmp2ab2sqTV8X9 9gRpE7btJ5+aP1qPklHTCXnZV/v8zhCSDAshiWd/iAN8k5CMz1JPQNOl4PwI8Ri4 0aQnCbZ/uWsZ+V/Ft7PPPt9aKRvW/H8OSvPNt/bEG3Iaab0Ax2JgKkSQAXtWbkkZ HppN4SxtBpq+mrgAZN/agCD/1Gp4PE3/6tKbYbaazMPkEiQw+lclv5gMh+0m4ddq DJQfoQTMn9A= =6/6d -----END PGP SIGNATURE-----