Sicherheit: Zwei Probleme in matrix-synapse
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in matrix-synapse
ID: FEDORA-2023-c0696d7b53
Distribution: Fedora
Plattformen: Fedora 37
Datum: Mo, 18. September 2023, 06:49
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39374
Applikationen: Matrix Synapse


Fedora Update Notification
2023-09-18 01:37:07.642300

Name : matrix-synapse
Product : Fedora 37
Version : 1.80.0
Release : 5.fc37
URL : https://github.com/matrix-org/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

Update Information:

Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323

* Sat Sep 9 2023 Kai A. Hiller <V02460@gmail.com> - 1.80.0-5
- Fix build for f37 (CVE-2022-39374,CVE-2023-32323)
* Sat Sep 9 2023 Kai A. Hiller <V02460@gmail.com> - 1.80.0-4
- Use dash in subpackages url-preview, cache-memory
* Sat Sep 9 2023 Kai A. Hiller <V02460@gmail.com> - 1.80.0-3
- RPMAUTOSPEC: unresolvable merge

[ 1 ] Bug #2209956 - CVE-2022-39374 matrix-synapse: Synapse Denial of service
due to incorrect application of event authorization rules during state resolution
[ 2 ] Bug #2209958 - CVE-2023-32323 matrix-synapse: Synapse Outgoing
federation to specific hosts can be disabled by sending malicious invites

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c0696d7b53' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Pro-Linux @Facebook
Neue Nachrichten