openSUSE Security Update : matrix-synapse (openSUSE-2018-654)

This update for matrix-synapse fixes the following security issue : - CVE-2018-12291: visibility rules were not applied correctly in the getmissingevents federation API boo1096833 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Security update for matrix-synapse (moderate)

This update for matrix-synapse fixes the following security issue: - CVE-2018-12291: visibility rules were not applied correctly in the getmissingevents federation API boo1096833...

CVE-2018-12439

MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

Matrix Synapse Event Filtering Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. A security vulnerability exists in the 'ongetmissingevents' function in the handlers/federation.py file in Matrix Synapse versions prior to 0.31.1. No details of the vulnerability are provided at this time...

Synapse Hijacking Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. There is a security vulnerability in Synapse. An attacker can exploit the vulnerability to hijack 'rooms' message channels...

CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

UBUNTU-CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

DEBIAN-CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

CVE-2018-12291

Summary: Matrix Synapse before 0.31.1 has a bug in on_get_missing_events ( federation.py ) where event visibility rules were not applied correctly in get_missing_events, potentially exposing incorrect events. Impact: as described in multiple advisories; CVE-2018-12291. Remediation: upgrade to Syn...

CVE-2018-12291

The ongetmissingevents function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the getmissingevents federation API where event visibility rules were not applied correctly...

Fedora Update for matrix-synapse FEDORA-2018-f513267ac5

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 28 Update: matrix-synapse-0.28.1-1.fc28

Matrix is an ambitious new ecosystem for open federated Instant Messaging a nd VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is inten ded to showcase the concept of Matrix and let folks see the spec i...

Matrix Synapse Denial of Service Vulnerability

Matrix is a set of open communication networks of which Synapse is a server implementation. A denial of service vulnerability exists in Matrix Synapse versions prior to 0.28.1. An attacker can exploit this vulnerability to cause a denial of service with the 'depth' value...

CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

Design/Logic Flaw

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...

UBUNTU-CVE-2018-10657

Matrix Synapse before 0.28.1 is prone to a denial of service flaw where malicious events injected with depth = 2^63 - 1 render rooms unusable, related to federation/federationbase.py and handlers/message.py, as exploited in the wild in April 2018...