Stay Secure with the Latest Linux Advisories

security advisoryFedoradenial-of-service

Fedora 30: FEDORA-2019-80f1943143 Critical: Matrix-Synapse Security Fixes

This release includes four security fixes: - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. - Prevent an attack where users could be joined or parted from public rooms without their consent. - Fix a vulnerability where a. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-80f1943143 2019-08-04 01:12:44.175426 --------------------------------------------------------------------------------Name : matrix-synapse Product : Fedora 30 Version : 1.2.1 Release : 1.fc30 URL : https://github.com/matrix-org/synapse Summary : A Matrix reference homeserver written in Python using Twisted Description : Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in the context of a coded base and let you run your own homeserver and generally help bootstrap the ecosystem. --------------------------------------------------------------------------------Update Information: This release includes four security fixes: - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. - Prevent an attack where users could be joined or parted from public rooms without their consent. - Fix a vulnerability where a federated server could spoof read-receipts from users on other servers. See https://github.com/matrix-org/synapse/releases/tag/v1.2.1 for complete details. --------------------------------------------------------------------------------ChangeLog: * FriJul 26 2019 Kai A. Hiller - 1.2.1-1 - Update to v1.2.1 * Thu Jun 27 2019 Dan Callaghan - 1.0.0-1 - Update to v1.0.0 release, including new protocol-mandated TLS certificate verification logic. See: --------------------------------------------------------------------------------References: [ 1 ] Bug #1726902 - matrix-synapse-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1726902 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-80f1943143' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . Uncover enhancements in matrix-synapse tailored for Fedora 30, focusing on mitigating diverse threats and enhancing overall functionality.. Matrix Synapse Security. . Severity: Critical. LinuxSecurity.com Team

Aug 03, 2019 •Critical Fedora