You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa matrix-synapse

Sigurnosni nedostaci programskog paketa matrix-synapse

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2019-08-04 01:12:44.175426

Name : matrix-synapse
Product : Fedora 30
Version : 1.2.1
Release : 1.fc30
Summary : A Matrix reference homeserver written in Python using Twisted
Description :
Matrix is an ambitious new ecosystem for open federated Instant Messaging and
VoIP. Synapse is a reference “homeserver” implementation of Matrix from the
core development team at, written in Python/Twisted. It is intended
to showcase the concept of Matrix and let folks see the spec in the context of
a coded base and let you run your own homeserver and generally help bootstrap
the ecosystem.

Update Information:

This release includes four security fixes: – Prevent an attack where a
federated server could send redactions for arbitrary events in v1 and v2 rooms.
– Prevent a denial-of-service attack where cycles of redaction events would make
Synapse spin infinitely. – Prevent an attack where users could be joined or
parted from public rooms without their consent. – Fix a vulnerability where a
federated server could spoof read-receipts from users on other servers. See for complete details.

* Fri Jul 26 2019 Kai A. Hiller <> – 1.2.1-1
– Update to v1.2.1
* Thu Jun 27 2019 Dan Callaghan <> – 1.0.0-1
– Update to v1.0.0 release, including new protocol-mandated TLS
certificate verification logic. See:

[ 1 ] Bug #1726902 – matrix-synapse-1.1.0 is available

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-80f1943143’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorZvonimir Bosnjak
Cert idNCERT-REF-2019-08-0001-ADV
More in Preporuke
Sigurnosni nedostaci programskog paketa rmt-server

Otkriveni su sigurnosni nedostaci u programskom paketu rmt-server za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje proizvoljnog programskog...