Bug#919249: security issue: instability and crash due to crafted message flooding
Hi, On Mon, Jan 14, 2019 at 04:53:14AM +, Chris Knadle wrote: > Package: mumble > Version: 1.2.19-3 > Severity: important > Tags: security fixed-upstream fixed-in-experimental > > > It is currently possible to cause mumble-server to freeze and/or crash by > sending specifically it crafted commands, leading to a denial of service. > The server usually automatically recovers, however it has been reported that > in some instances it can take up to an hour after the attack has ended. > The attack can be done remotely and does not need special permissions. > > All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are > affected. This issue has been assigned CVE-2018-20743. Regards, Salvatore
Bug#919249: security issue: instability and crash due to crafted message flooding
Package: mumble Version: 1.2.19-3 Severity: important Tags: security fixed-upstream fixed-in-experimental It is currently possible to cause mumble-server to freeze and/or crash by sending specifically it crafted commands, leading to a denial of service. The server usually automatically recovers, however it has been reported that in some instances it can take up to an hour after the attack has ended. The attack can be done remotely and does not need special permissions. All versions of mumble 1.2.x and 1.3.0 snapshots prior to 2018-08-31 are affected. signature.asc Description: OpenPGP digital signature