
[SECURITY] [DLA 1661-1] mumble security update



Package        : mumble
Version        : 1.2.8-2+deb8u1
CVE ID         : CVE-2018-20743
Debian Bug     : 919249


It has been found that mumble-server mishandles multiple concurrent
requests that are persisted in the database, which allows remote
attackers to cause a denial of service (daemon hang or crash) via a
message flood. This security update adds a rate limiter based on the
leaky-bucket algorithm.
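
How a leaky-bucket limiter bounds a message flood, as an added example that is not part of the advisory and is not Mumble's own code. The class name, the capacity of 5 messages and the drain rate of 1 message per second are assumptions chosen for illustration; a server would keep one such bucket per client connection.

```cpp
#include <cstdint>
#include <iostream>

// Leaky bucket: every accepted message raises the level by one message,
// and the level drains at a fixed rate. A message that would overflow the
// bucket is dropped, so a flood cannot generate unbounded database work.
// Levels are tracked in 1/1000 of a message to keep integer math exact.
class LeakyBucket {
public:
    LeakyBucket(uint64_t capacityMsgs, uint64_t drainPerSec)
        : capacity_(capacityMsgs * 1000), drainPerSec_(drainPerSec) {}

    // nowMs is a monotonic millisecond clock supplied by the caller.
    // Returns true if the message may be processed, false if dropped.
    bool allow(uint64_t nowMs) {
        if (nowMs > lastMs_) {  // ignore a clock that did not advance
            uint64_t elapsed = nowMs - lastMs_;
            // drainPerSec msgs/s equals drainPerSec level units per ms.
            if (drainPerSec_ > 0 && elapsed > level_ / drainPerSec_)
                level_ = 0;  // fully drained, and avoids overflow
            else
                level_ -= elapsed * drainPerSec_;
            lastMs_ = nowMs;
        }
        if (level_ + 1000 > capacity_) return false;  // bucket full: drop
        level_ += 1000;
        return true;
    }

private:
    uint64_t capacity_, drainPerSec_;
    uint64_t level_ = 0, lastMs_ = 0;
};

// Sends `count` messages spaced `intervalMs` apart; returns how many passed.
int sendBurst(LeakyBucket &b, uint64_t startMs, int count, uint64_t intervalMs) {
    int accepted = 0;
    for (int i = 0; i < count; ++i)
        if (b.allow(startMs + i * intervalMs)) ++accepted;
    return accepted;
}

int main() {
    LeakyBucket flood(5, 1), steady(5, 1);  // constructed sample traffic
    std::cout << "flood:  " << sendBurst(flood, 1000, 100, 1) << "/100 accepted\n";
    std::cout << "steady: " << sendBurst(steady, 1000, 10, 1000) << "/10 accepted\n";
    std::cout << "after 5 s idle: " << (flood.allow(6099) ? "accepted" : "dropped") << "\n";
}
```

Dropped messages never reach the persistence layer, and a client that stops flooding is served again once its bucket has drained.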

For Debian 8 "Jessie", this problem has been fixed in version
1.2.8-2+deb8u1.

We recommend that you upgrade your mumble packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS