FreeBSD : py-matrix-synapse -- missing signature checks on some federation APIs (42675046-fa70-11e9-ba4e-901b0e934d69)

high Nessus Plugin ID 131468

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Matrix developers report :

Make sure that [...] events sent over /send_join, /send_leave, and /invite, are correctly signed and come from the expected servers.

Solution

Update the affected packages.

See Also

https://github.com/matrix-org/synapse/pull/6262

https://github.com/matrix-org/synapse/releases/tag/v1.5.0

http://www.nessus.org/u?ead0a3dd

Plugin Details

Severity: High

ID: 131468

File Name: freebsd_pkg_42675046fa7011e9ba4e901b0e934d69.nasl

Version: 1.1

Type: local

Published: 12/3/2019

Updated: 12/3/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py35-matrix-synapse, p-cpe:/a:freebsd:freebsd:py36-matrix-synapse, p-cpe:/a:freebsd:freebsd:py37-matrix-synapse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/29/2019

Vulnerability Publication Date: 10/29/2019