Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 22.04 LTS: USN-7444-1 critical: Synapse security flaws

ubuntu
Calendar Grey April 23, 2025
Dist Ubuntu Esm H88
Several security issues fixed in Ubuntu's Synapse impacting versions across LTS releases. Update advised for security.
Several security issues were fixed in Synapse.

Summary

Several security issues were fixed in Synapse.

Software Description:

- matrix-synapse: Synapse: Matrix homeserver written in Python/Twisted.

Details:

It was discovered that Synapse network policies could be bypassed via

specially crafted URLs. An attacker could possibly use this issue to

bypass authentication mechanisms. (CVE-2023-32683)

It was discovered that Synapse exposed cached device information. An

attacker could possibly use this issue to gain access to sensitive

information. (CVE-2023-43796)

It was discovered that Synapse could be tricked into rejecting state

changes in rooms. An attacker could possibly use this issue to cause

Synapse to stop functioning properly, resulting in a denial of service.

This issue was only fixed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

(CVE-2022-39374)

It was discovered that Synapse stored user credentials in a server's

database temporarily. An attacker could possibly use this issue to

gain access to sensitive info...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   matrix-synapse                  1.53.0-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   matrix-synapse                  1.11.0-1ubuntu0.1~esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   matrix-synapse                  0.24.0+dfsg-1ubuntu0.1~esm4
                                   Available with Ubuntu Pro

After a standard system update you need to restart Synapse to make
all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7444-1

  CVE-2022-39335, CVE-2022-39374, CVE-2023-32683, CVE-2023-41335,

  CVE-2023-42453, CVE-2023-43796, CVE-2024-31208, CVE-2024-53863

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7444-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here