Bug#587713: mumble-server: DoS via malformed client queries
Raphael Geissert
geissert at debian.org
Thu Jul 1 02:18:40 UTC 2010
Package: mumble-server
Version: 1.2.2-2
Severity: grave
Tags: security
Hi,
The following vulnerability has been reported in mumble-server.
From [1]:
> Through a malformed type of data is possible to force the termination
> of the server due to an error in the SQL query (SQLite library).
> The attacker needs to join the server to exploit it.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry, if one is assigned by then.
There's no known patch at the moment and an exploit is linked by the advisory.
[1]http://aluigi.altervista.org/adv/mumbleed-adv.txt
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the Pkg-voip-maintainers
mailing list