Fedora 38: FEDORA-2023-84ee781688 Moderate: matrix-synapse Security Fix
fedora
October 6, 2023
Update to v1.93.0 (CVE-2023-41335, CVE-2023-42453)
Summary
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference "homeserver" implementation of Matrix from the
core development team at matrix.org, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.
Update Information:
Update to v1.93.0 (CVE-2023-41335, CVE-2023-42453)
Topics Covered
Change Log
* Wed Sep 27 2023 Kai A. Hiller
References
[ 1 ] Bug #2242239 - CVE-2023-42453 matrix-synapse: improper validation of receipts allows forged read receipts
https://bugzilla.redhat.com/show_bug.cgi?id=2242239
[ 2 ] Bug #2242240 - CVE-2023-41335 matrix-synapse: temporary storage of plaintext passwords during password changes
https://bugzilla.redhat.com/show_bug.cgi?id=2242240
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-84ee781688' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Name: matrix-synapse
Product: Fedora 38
Version: 1.93.0
Release: 2.fc38
Summary: A Matrix reference homeserver written in Python using Twisted
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!