Fedora 30: matrix-synapse FEDORA-2019-80f1943143

Aug 4, 2019 04:00 am Cyber Security 341
Fedora 30: matrix-synapse FEDORA-2019-80f1943143
This release includes four security fixes: - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. - Prevent an attack where users could be joined or parted from public rooms without their consent. - Fix a vulnerability where a
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-80f1943143
2019-08-04 01:12:44.175426
-------------------------------------------------------------------------------- Name : matrix-synapse
Product : Fedora 30
Version : 1.2.1
Release : 1.fc30
URL : https://github.com/matrix-org/synapse
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem. --------------------------------------------------------------------------------
Update Information: This release includes four security fixes: - Prevent an attack where a
federated server could send redactions for arbitrary events in v1 and v2 rooms.
- Prevent a denial-of-service attack where cycles of redaction events would make
Synapse spin infinitely. - Prevent an attack where users could be joined or
parted from public rooms without their consent. - Fix a vulnerability where a
federated server could spoof read-receipts from users on other servers. See
https://github.com/matrix-org/synapse/releases/tag/v1.2.1 for complete details.
--------------------------------------------------------------------------------
ChangeLog: * Fri Jul 26 2019 Kai A. Hiller - 1.2.1-1
- Update to v1.2.1
* Thu Jun 27 2019 Dan Callaghan - 1.0.0-1
- Update to v1.0.0 release, including new protocol-mandated TLS certificate verification logic. See: https://github.com/matrix-org/synapse/blob/master/docs/MSC1711_certificates_FAQ.md
--------------------------------------------------------------------------------
References: [ 1 ] Bug #1726902 ..

Support the originator by clicking the read the rest link below.
fedora matrix synapse fedora 80f1943143
Read The Rest from the original source
linuxsecurity.com

Related News

Be in Touch

All Rights Reserved #1 Source for Cyber Security News, Reports and Threat Intelligence
Powered By The Internet!!!!