Описание
Security update for tor
This update for tor to version 0.3.5.10 fixes the following issues:
-
tor was updated to version 0.3.5.10:
-
CVE-2020-10592: Fixed a CPU consumption denial of service and timing patterns (boo#1167013)
-
CVE-2020-10593: Fixed a circuit padding memory leak (boo#1167014)
Список пакетов
openSUSE Leap 15.1
tor-0.3.5.10-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0406-1
- SUSE Security Ratings
- SUSE Bug 1167013
- SUSE Bug 1167014
- SUSE CVE CVE-2020-10592 page
- SUSE CVE CVE-2020-10593 page
Описание
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Затронутые продукты
openSUSE Leap 15.1:tor-0.3.5.10-lp151.2.3.1
Ссылки
- CVE-2020-10592
- SUSE Bug 1167013
Описание
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Затронутые продукты
openSUSE Leap 15.1:tor-0.3.5.10-lp151.2.3.1
Ссылки
- CVE-2020-10593
- SUSE Bug 1167014