A denial of service flaw was reported [1] in Mumble: A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access, leading to a crash (Denial of Service). This can be triggered remotely by an entity participating in a Mumble voice chat. This has been corrected in upstream version 1.2.5 [2]. [1] http://mumble.info/security/Mumble-SA-2014-001.txt [2] https://github.com/mumble-voip/mumble/commit/850649234d11685145193a59d72d98429e4f9ba7
Created mumble tracking bugs for this issue: Affects: fedora-all [bug 1061859]
mumble-1.2.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
mumble-1.2.5-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.