-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : mumble Version : 1.2.8-2+deb8u1 CVE ID : CVE-2018-20743 Debian Bug : 919249
It has been found that the mumble-server mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. With the new security update a rate limiter is added with Leaky-Bucket algorithm. For Debian 8 "Jessie", this problem has been fixed in version 1.2.8-2+deb8u1. We recommend that you upgrade your mumble packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlxbB7wACgkQhj1N8u2c KO9yDA/6AgSETZ2YWsSbQdjWrHclrmhEdJcfdxMrC5Cor99NbC6WLQgPp0ecsNuF i2JuTYu4dwqggtI7ASQepKjpNWGokldcf3AXDinhBIQXxZ81LvgDLbfM+FZW69la OIIusy+0PyRIw3caPcdIwqzGvLz1I0dZPZZ0LazfOwyiu7xdcO9z6tYEzq/51xZj T2RVVzyg9ZgPwbhIC8YUz35UY67sN86tqg1Tf8NlkYQub4TyR62pR5GTvOZjsd28 n85Kh48iOJgUp+eTTxqFpIZj1161Csa15eBqNribMJHQ8bDxtYi4AX1WmVKztJUG a51azBf/NAtSh+favuGnngWMkfopIE1ViCAXLzvF0ZUd4Qo0v5AwvWlX4wd/kp1E 7amtvqOulvAlsiuIgZ3QeG/y91C1UbEhuZNAZSh1b33mnGcMmeoiMxSflrgallnB qt87Fnq9oU0r0k8+B5Bl1HaNHL15ZRaydp3V38ObwqX1GDY32hgS+F907TNashDo 35QQyf0vgN+HkmaAuP//oah43dI99PQzNWBoXBfo1zGETj1bnhjs3b33IlQukfa9 qw3uN8xKtVd3XtcIImBmG92QydRBSCn8jLS6koyIxyI3gRuMA1H7/MuhRUybAle0 tUkstrh+j1eHhW8IrnF0JFlMvMGdMsTKlKL1IbrTWLtIfGg3uQQ= =Z1I8 -----END PGP SIGNATURE-----
