Fedora 37: Critical Denial of Service Fix for Matrix-Synapse CVE-2023-32323
fedora
September 18, 2023
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Summary
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.
Update Information:
Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323
Topics Covered
Change Log
* Sat Sep 9 2023 Kai A. Hiller
References
[ 1 ] Bug #2209956 - CVE-2022-39374 matrix-synapse: Synapse Denial of service due to incorrect application of event authorization rules during state resolution https://bugzilla.redhat.com/show_bug.cgi?id=2209956 [ 2 ] Bug #2209958 - CVE-2023-32323 matrix-synapse: Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites https://bugzilla.redhat.com/show_bug.cgi?id=2209958
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-c0696d7b53' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Name: matrix-synapse
Product: Fedora 37
Version: 1.80.0
Release: 5.fc37
Summary: A Matrix reference homeserver written in Python using Twisted
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!