What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-c0696d7b53
2023-09-18 01:37:07.642300
--------------------------------------------------------------------------------

Name        : matrix-synapse
Product     : Fedora 37
Version     : 1.80.0
Release     : 5.fc37
URL         : https://github.com/matrix-org/synapse
Summary     : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

--------------------------------------------------------------------------------
Update Information:

Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep  9 2023 Kai A. Hiller  - 1.80.0-5
- Fix build for f37 (CVE-2022-39374,CVE-2023-32323)
* Sat Sep  9 2023 Kai A. Hiller  - 1.80.0-4
- Use dash in subpackages url-preview, cache-memory
* Sat Sep  9 2023 Kai A. Hiller  - 1.80.0-3
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2209956 - CVE-2022-39374 matrix-synapse: Synapse Denial of service due to incorrect application of event authorization rules during state resolution
        https://bugzilla.redhat.com/show_bug.cgi?id=2209956
  [ 2 ] Bug #2209958 - CVE-2023-32323 matrix-synapse: Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
        https://bugzilla.redhat.com/show_bug.cgi?id=2209958
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-c0696d7b53' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 37: matrix-synapse 2023-c0696d7b53

September 18, 2023
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323

Summary

Matrix is an ambitious new ecosystem for open federated Instant Messaging and

VoIP. Synapse is a reference "homeserver" implementation of Matrix from the

core development team at matrix.org, written in Python/Twisted. It is intended

to showcase the concept of Matrix and let folks see the spec in the context of

a coded base and let you run your own homeserver and generally help bootstrap

the ecosystem.

Update Information:

Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323

Change Log

* Sat Sep 9 2023 Kai A. Hiller - 1.80.0-5 - Fix build for f37 (CVE-2022-39374,CVE-2023-32323) * Sat Sep 9 2023 Kai A. Hiller - 1.80.0-4 - Use dash in subpackages url-preview, cache-memory * Sat Sep 9 2023 Kai A. Hiller - 1.80.0-3 - RPMAUTOSPEC: unresolvable merge

References

[ 1 ] Bug #2209956 - CVE-2022-39374 matrix-synapse: Synapse Denial of service due to incorrect application of event authorization rules during state resolution https://bugzilla.redhat.com/show_bug.cgi?id=2209956 [ 2 ] Bug #2209958 - CVE-2023-32323 matrix-synapse: Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites https://bugzilla.redhat.com/show_bug.cgi?id=2209958

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c0696d7b53' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : matrix-synapse
Product : Fedora 37
Version : 1.80.0
Release : 5.fc37
URL : https://github.com/matrix-org/synapse
Summary : A Matrix reference homeserver written in Python using Twisted

Related News

Long-term Support for Linux Kernel to Be Cut as Maintenance Remains Under Strain

Sep 21, 2023

RISC-V With Linux 6.6 Offers Better Kernel Security With KASLR

Sep 11, 2023

Microsoft's CBL-Mariner 2.0 Linux Distribution Adds Clippy

Aug 4, 2023

Nitrux Devs Make It Easier to Upgrade Your Immutable Nitrux OS Installations

Jun 20, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback