347 matches found
[SECURITY] Fedora 37 Update: matrix-synapse-1.80.0-7.fc37
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora 37 : matrix-synapse (2023-954c2ec5bd)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-954c2ec5bd advisory. Backport fix for CVE-2023-45129 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
[SECURITY] Fedora 38 Update: matrix-synapse-1.94.0-2.fc38
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-c3c8cc5f8b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : matrix-synapse (2023-c3c8cc5f8b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c3c8cc5f8b advisory. Update to v1.94.0 CVE-2023-45129 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
GHSA-5CHR-WJW5-3GQ4 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Impact A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which presumably do not need to use server ACLs are not affected. Patches Server administrators are advised to upgrade to...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:GHSA-5CHR-WJW5-3GQ4...
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Impact A malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which presumably do not need to use server ACLs are not affected. Patches Server administrators are advised to upgrade to...
matrix-server-isenguard (>=0.1.1 <=0.2.0), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =0.1.1, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:PYSEC-2023-199...
CVE-2023-45129 matrix-synapse vulnerable to denial of service due to malicious server ACL events
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation which...
Matrix Synapse Security Vulnerability
Matrix Synapse is a Matrix Management Server implementation from the Matrix Foundation in the UK. A security vulnerability exists in Matrix Synapse versions prior to 1.94.0 that stems from a malicious server ACL event that can impact server performance and lead to a denial of service DOS...
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-84ee781688)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 37 Update: matrix-synapse-1.80.0-6.fc37
Matrix is an ambitious new ecosystem for open federated Instant Messaging and VoIP. Synapse is a reference "homeserver" implementation of Matrix from the core development team at matrix.org, written in Python/Twisted. It is intended to showcase the concept of Matrix and let folks see the spec in...
Fedora: Security Advisory for matrix-synapse (FEDORA-2023-5d980e6aaf)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 37 : matrix-synapse (2023-5d980e6aaf)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5d980e6aaf advisory. Backport fixes for CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 38 : matrix-synapse (2023-84ee781688)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-84ee781688 advisory. Update to v1.93.0 CVE-2023-41335, CVE-2023-42453 Tenable has extracted the preceding description block directly from the Fedora security advisory...
matrix-synapse-testutils (>=1.65.0.0 <=1.92.2.0) potentially affected by CVE-2023-42453 via matrix-synapse (>=1.65.0 <=1.92.2)
matrix-synapse PYPI version =1.65.0, =1.65.0.0, =1.92.2.0 Source cves: CVE-2023-42453 Source advisory: OSV:PYSEC-2023-180...
matrix-synapse-testutils (>=1.66.0.0 <=1.92.2.0) potentially affected by CVE-2023-41335 via matrix-synapse (>=1.66.0 <=1.92.2)
matrix-synapse PYPI version =1.66.0, =1.66.0.0, =1.92.2.0 Source cves: CVE-2023-41335 Source advisory: OSV:PYSEC-2023-185...
PYSEC-2023-185
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...
CVE-2023-41335 Temporary storage of plaintext passwords during password changes in matrix synapse
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as...