Fedora 37 : matrix-synapse / python-matrix-common / rust-pythonize (2023-c0696d7b53)

The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-c0696d7b53 advisory. Update matrix-synapse to v1.80.0 to fix CVE-2022-39374, CVE-2023-32323 Tenable has extracted the preceding description block directly from the Fedor...

CVE-2022-39335 Synapse does not apply enough checks to servers requesting auth events of events in a room

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are...

Design/Logic Flaw

Dendrite is a Matrix homeserver written in Go. In affected versions events retrieved from a remote homeserver using the /getmissingevents path did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this...

dendrite -- Signature checks not applied to some retrieved missing events

Dendrite team reports: Events retrieved from a remote homeserver using /getmissingevents did not have their signatures verified correctly. This could potentially allow a remote homeserver to provide invalid/modified events to Dendrite via this endpoint. Note that this does not apply to events...