FreeBSD : py-matrix-synapse -- multiple vulnerabilities (d9f686f3-fde0-48dc-ab0a-01c2fe3e0529)

high Nessus Plugin ID 138129

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Matrix developers report:

Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild.

- A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers.

- HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade.

Solution

Update the affected packages.

See Also

https://github.com/matrix-org/synapse/releases/tag/v1.15.2

http://www.nessus.org/u?0761cb1c

Plugin Details

Severity: High

ID: 138129

File Name: freebsd_pkg_d9f686f3fde048dcab0a01c2fe3e0529.nasl

Version: 1.1

Type: local

Published: 7/6/2020

Updated: 7/6/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:py36-matrix-synapse, p-cpe:/a:freebsd:freebsd:py37-matrix-synapse, p-cpe:/a:freebsd:freebsd:py38-matrix-synapse, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/3/2020

Vulnerability Publication Date: 7/2/2020