openSUSE-SU-2017:2573-1

Опубликовано: 26 сент. 2017

Источник: suse-cvrf

Описание

Security update for tor

This update for tor fixes the following issues:

CVE-2017-0380: hidden services with the SafeLogging option disabled could disclose the stack (boo#1059194)

Список пакетов

openSUSE Leap 42.2

tor-0.3.0.11-3.1

openSUSE Leap 42.3

tor-0.3.0.11-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-09/msg00105.html
E-Mail link for openSUSE-SU-2017:2573-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The rend_service_intro_established function in or/rendservice.c in Tor before 0.2.8.15, 0.2.9.x before 0.2.9.12, 0.3.0.x before 0.3.0.11, 0.3.1.x before 0.3.1.7, and 0.3.2.x before 0.3.2.1-alpha, when SafeLogging is disabled, allows attackers to obtain sensitive information by leveraging access to the log files of a hidden service, because uninitialized stack data is included in an error message about construction of an introduction point circuit.

Затронутые продукты

openSUSE Leap 42.2:tor-0.3.0.11-3.1

openSUSE Leap 42.3:tor-0.3.0.11-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-0380.html
CVE-2017-0380
https://bugzilla.suse.com/1059194
SUSE Bug 1059194

openSUSE-SU-2017:2573-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-0380

Описание

Затронутые продукты

Ссылки