Mumble 1.2.5

The Mumble team has released version 1.2.5 of the Mumble VoIP application.

This new version contains two important client-side security fixes. We advise our users to download this update as soon as possible from our SourceForge downloads page: http://sourceforge.net/projects/mumble/files/Mumble/1.2.5/

This release contains no new features. For all practical purposes, it is a bug-fix release on top of 1.2.4.

For a list of known issues with this release, please see the 1.2.5 Known Issues wiki page: http://mumble.sourceforge.net/1.2.5_Known_Issues.

Security advisories for the two fixed vulnerabilities are available below:

Mumble-SA-2014-001 [sig] (CVE-2014-0044)
– A malformed Opus voice packet sent to a Mumble client could trigger a NULL pointer dereference or an out-of-bounds array access.

Mumble-SA-2014-002 [sig] (CVE-2014-0045)
– A malformed Opus voice packet sent to a Mumble client could trigger a heap-based buffer overflow.

If you are using Mumble on Linux or BSD, we recommend that you keep a close eye on your vendor’s security advisories to determine the availability of an update that fixes these vulnerabilities.

The Mumble team

[Update 2014-02-07: added a link to the Known Issues page]

This entry was posted in News, Release, Security. Bookmark the permalink.

31 Responses to Mumble 1.2.5

  1. Zuko says:

    “This release contains no new features.” What?

    • mkrautz says:

      Version 1.2.5 is a bugfix release for the recently reported crash bug by Wesley Wolfe (Wolvereness). What was known as version 1.2.5 before will instead become version 1.3.0. This is to allow us to more easily do minor bug fix and/or security updates in the future — they can just become patch-level releases under, say, the 1.3-series.

      We will do a blog post soon to announce the change in versioning.

  2. MonkRX says:

    Any plans to change the protocol in 1.3.x that may break compatibility with 1.2.x clients? Or is it simply just a versioning numbering change?

    • mkrautz says:

      We don’t have any plans to drop backwards compatibility with the 1.2.x series.

      It’s just a change in our versioning scheme to allow us to provide minor releases with security fixes and other critical bug fixes, just like this release.

  3. Mat says:

    Is a server update required? or are they entirely client side fixes? Cheers.

  4. mikeh says:

    To the Mumble dev team; this doesn’t get said enough, so here goes…

    Thank you for your time and continued commitment to a secure, open-source VOIP client.

    It is very much appreciated!

  5. dubas says:

    Hi,
    where is a full changelog v. 1.2.5
    thanks

  6. anonymous says:

    Clicking on the in-client “download new version” link got me mumble-1.2.4.tar.gz , which is doubly wrong, because 1) I’d expect the binary installer rather than source for a windows client, and 2) it’s not even the source for the fixed version.

  7. desertwolf says:

    You guys should be on Flattr.

    uMurmur and OpenWRT are there, too.

    Thanks a lot for your work!

  8. Erik says:

    Mumble used to work fine with version 1.2.2

    Now, I get the 1.2.5, and even with multiple checks of information, it still won’t let me log into a server

    • mkrautz says:

      What happens when you try to log in to a server?

    • Roy says:

      How thoroughly did you check your certificates? Sounds like an issue that can be fixed by deleting the user on the server and starting from scratch with a new certificate.

  9. Harrihu says:

    Do you guys have any plans to add local individual user volume adjusting? I really need that feature to exist like yesterday. It was really useful on team speak.

    • Bish says:

      There’s a FAQ on that. What I read there suggested that volume setting you speak of is not required, as mumble does something better.

      Ymmv.

  10. Peter says:

    Hi!

    Is there any plan to improve the PTT function on IOS? I mean I want to use my head-set buttons while talking as on android. I dont like voice activation, but the using of PTT on IOS now is more than difficult while you are walking or cycling.

    • mkrautz says:

      Unfortunately, this is mostly a restriction imposed on os by iOS. Our app would not be accepted by Apple if we override the headset button for our own purpose.

      We’d love to give easier access to PTT, though.

  11. Pingback: Mumble 1.2.5 released | Fohlen's Blog

  12. Pingback: murmurd 1.2.5 « Computer pr0n

  13. D says:

    Newest update doesn’t allow keybinding number pad keys with modifiers. Crashes everytime. Update completely broke the program, unusable now.

    • Kissaki says:

      1.2.5 is a bugfix release. As the bugfix is in an entirely different area, it is not possible that those changes triggered your issues now appearing – at least if you used 1.2.4 before.

      Feel free to look for support in a different format, as this – blog comments – is not really a good place for that. Visit us in IRC or in our forums.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>