openSUSE-SU-2018:1767-1

Опубликовано: 20 июн. 2018

Источник: suse-cvrf

Описание

Security update for matrix-synapse

This update for matrix-synapse fixes the following security issue:

CVE-2018-12291: visibility rules were not applied correctly in the get_missing_events federation API (boo#1096833)

Список пакетов

openSUSE Leap 15.0

matrix-synapse-0.28.1-lp150.2.4.1

matrix-synapse-test-0.28.1-lp150.2.4.1

python2-matrix-synapse-0.28.1-lp150.2.4.1

python3-matrix-synapse-0.28.1-lp150.2.4.1

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2018-06/msg00038.html
E-Mail link for openSUSE-SU-2018:1767-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The on_get_missing_events function in handlers/federation.py in Matrix Synapse before 0.31.1 has a security bug in the get_missing_events federation API where event visibility rules were not applied correctly.

Затронутые продукты

openSUSE Leap 15.0:matrix-synapse-0.28.1-lp150.2.4.1

openSUSE Leap 15.0:matrix-synapse-test-0.28.1-lp150.2.4.1

openSUSE Leap 15.0:python2-matrix-synapse-0.28.1-lp150.2.4.1

openSUSE Leap 15.0:python3-matrix-synapse-0.28.1-lp150.2.4.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-12291.html
CVE-2018-12291
https://bugzilla.suse.com/1096833
SUSE Bug 1096833

openSUSE-SU-2018:1767-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2018-12291

Описание

Затронутые продукты

Ссылки