3660 matches found
Fedora 30 : matrix-synapse (2019-80f1943143)
This release includes four security fixes : - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. - Prevent an attack where users could b...
[SECURITY] Fedora 30 Update: matrix-synapse-1.2.1-1.fc30
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec i...
Fedora Update for matrix-synapse FEDORA-2019-80f1943143
The remote host is missing an update for the...
FreeBSD : py-matrix-synapse -- multiple vulnerabilities (38d2df4d-b143-11e9-87e7-901b0e934d69)
Matrix developers report : The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation : - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. - Prevent a...
py-matrix-synapse -- multiple vulnerabilities
Matrix developers report: The matrix team releases Synapse 1.2.1 as a critical security update. It contains patches relating to redactions and event federation: Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. Prevent a denial-of-service...
ESXi patches address partial denial of service vulnerability in hostd process (CVE-2019-5528)
3. Partial denial of service vulnerability in ESXi hostd process CVE-2019-5528 A malicious actor with network access to an ESXi host could create a partial denial of service condition in management functionality. Successful exploitation of this issue may cause hostd to become unresponsive...
Security Bulletin: IBM Maximo Asset Management is vulnerable to CSV Injection (CVE-2019-4364)
Summary: IBM Maximo Asset Management is vulnerable to CSV injection, which could allow a remote authenticated attacker to execute arbitrary commands on the system. Vulnerability Details: CVEID: CVE-2019-4364 DESCRIPTION: IBM Maximo Asset Management is vulnerable to CSV injection, which could allow a...
The vulnerability of the pom.xml components and FilterScript.java plugin of the Jenkins Matrix Project allows a perpetrator to execute arbitrary code.
The vulnerability of the pom.xml components and FilterScript.java (src/main/java/hudson/matrix/FilterScript.java) of the Matrix Project plugin is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability can allow a malicious actor to exit the...
Sandbox Protection Bypass
Jenkins Matrix Project Plugin is vulnerable to sandbox protection bypass vulnerability. This exists in the src/main/java/hudson/matrix/FilterScript.java which allows attackers with Job/Configure permission to execute arbitrary code on the Jenkins master JVM...
CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
DEBIAN-CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
Authentication flaw
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
raiden (>=0.100.2 <=0.100.3rc1) potentially affected by CVE-2019-11842 via matrix-synapse (=0.33.9)
matrix-synapse PYPI version =0.33.9 is affected by a known vulnerability. The following packages have a transitive dependency on matrix-synapse and may be impacted: - raiden >=0.100.2, <=0.100.3rc1 Source cves: CVE-2019-11842 Source advisory: OSV:PYSEC-2019-185...
PYSEC-2019-185
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
UBUNTU-CVE-2019-11842
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID...
CVE-2019-11842
Affected products: Matrix Sydent < 1.0.3 and Matrix Synapse