FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Matrix clients -- several vulnerabilities

Affected packages
cinny < 1.6.0
element-web < 1.9.7

Details

VuXML ID 0dcf68fa-5c31-11ec-875e-901b0e9408dc
Discovery 2021-12-03
Entry 2021-12-13

Matrix developers report:

Today we are releasing security updates to libolm, matrix-js-sdk, and several clients including Element Web / Desktop. Users are encouraged to upgrade as soon as possible.

These releases mitigate a buffer overflow in olm_session_describe, a libolm debugging function used by matrix-js-sdk in its end-to-end encryption (E2EE) implementation. If you rely on matrix-js-sdk for E2EE, you are affected.

References

URL https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk