MGASA-2014-0245

Source
https://advisories.mageia.org/MGASA-2014-0245.html
Import Source
https://advisories.mageia.org/MGASA-2014-0245.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0245
Published
2014-05-30T07:47:09Z
Modified
2014-05-30T07:46:32Z
Summary
Updated mumble packages fix two security vulnerabilities
Details

Updated mumble packages fix security vulnerabilities:

In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be triggered remotely by an entity participating in a Mumble voice chat, using text messages, channel comments, user comments and user textures/avatars (CVE-2014-3755).

In Mumble before 1.2.6, the Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack on a Mumble client by causing it to load external files via the HTML (CVE-2014-3756).

Affected packages

Mageia:4 / mumble

Package

Name
mumble
Purl
pkg:rpm/mageia/mumble?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.3-14.1.mga4

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / mumble

Package

Name
mumble
Purl
pkg:rpm/mageia/mumble?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.2.3-10.1.mga3

Ecosystem specific

{
    "section": "core"
}