Description
Security update for tor
This update for tor fixes the following issues:
Updating tor to a newer version in the respective codestream.
- tor 0.3.5.12:
  - Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
  - Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
  - Fix DoS defenses on bridges with a pluggable transport
  - CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  - CVE-2020-10593: circuit padding memory leak (boo#1167014)
- tor 0.4.4.6:
  - Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
  - Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979)
  - Fix logrotate to not fail when tor is stopped (boo#1164275)
Package list
SUSE Package Hub 12
SUSE Package Hub 15 SP1
SUSE Package Hub 15 SP2
openSUSE Leap 15.1
openSUSE Leap 15.2
References
- E-Mail link for openSUSE-SU-2020:1970-1
- SUSE Security Ratings
- SUSE Bug 1164275
- SUSE Bug 1167013
- SUSE Bug 1167014
- SUSE Bug 1173979
- SUSE Bug 1178741
- SUSE CVE CVE-2020-10592 page
- SUSE CVE CVE-2020-10593 page
- SUSE CVE CVE-2020-15572 page
Description
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
Affected products
References
- CVE-2020-10592
- SUSE Bug 1167013
Description
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.
Affected products
References
- CVE-2020-10593
- SUSE Bug 1167014
Description
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
Affected products
References
- CVE-2020-15572
- SUSE Bug 1173979