On Thu, Dec 2 2021 at 10:02:52 AM +0100, Lars Vogdt lars@linux-schulserver.de wrote:
Hi Sasi
I'm sorry to say, but:
curl https://matrix.opensuse.org/_matrix/federation/v1/version | jq
results in "server": { "name": "Synapse", "version": "1.46.0" }
Synapse 1.47.1: This release fixes a security issue in the media store, affecting all prior releases of Synapse. Server administrators are encouraged to update Synapse as soon as possible.
The issue is public at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41281
I convinced IT to not instantly power down the machine, as the (now enforced) AppArmor profile covers us for a while. But it gives a bad picture if we report an application fixed and updated while it is not. Can I ask you to check and finally deploy the security fix?
Wrong default version of python3 used, resulting in an older version being used. I will fix that in a second.
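An added example, not part of the original thread: a check that parses the federation version response shown above and compares it numerically against the fixed release 1.47.1 named in the advisory. The function names, the handling of an "rc" suffix and of trailing build information, and the sample response bodies are assumptions constructed for illustration.

```python
import json
import re

# Fixed release named in the advisory quoted in the thread.
FIXED_VERSION = "1.47.1"

# Assumption: versions look like "1.46.0", optionally "1.47.0rc1",
# optionally followed by build information that is ignored here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?")


def version_key(version):
    """Turn a version string into a tuple that sorts numerically."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rc = m.group(4)
    # A release candidate sorts before the final release of the same number.
    return (major, minor, patch, 0 if rc else 1, int(rc) if rc else 0)


def check_response(body, fixed=FIXED_VERSION):
    """Return (name, version, is_patched) for a federation version response."""
    data = json.loads(body)
    server = data.get("server") if isinstance(data, dict) else None
    if not isinstance(server, dict):
        raise ValueError("response has no 'server' object")
    name = server.get("name", "")
    version = server.get("version", "")
    if name != "Synapse":
        raise ValueError(f"unexpected server name: {name!r}")
    return name, version, version_key(version) >= version_key(fixed)


# Constructed sample mirroring the output quoted in the thread.
SAMPLE = '{"server": {"name": "Synapse", "version": "1.46.0"}}'

if __name__ == "__main__":
    name, version, patched = check_response(SAMPLE)
    status = "patched" if patched else f"older than {FIXED_VERSION}"
    print(f"{name} {version}: {status}")
```

Feeding it the body returned by the curl command above, after a deployment, confirms which version is actually being served rather than which one was installed.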