Updated mumble packages fix two security vulnervabilititesPublication date: 30 May 2014
Affected Mageia releases : 3 , 4
CVE: CVE-2014-3755 , CVE-2014-3756
Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be triggered remotely by an entity participating in a Mumble voice chat, using text messages, channel comments, user comments and user textures/avatars (CVE-2014-3755). In Mumble before 1.2.6, The Mumble client did not properly HTML-escape some external strings before using them in a rich-text (HTML) context. In some situations, this could be abused to perform a Denial of Service attack on a Mumble client by causing it to load external files via the HTML (CVE-2014-3756).