Описание
Security update for tor
This update for tor fixes the following issues:
tor was updated to 0.4.5.7
- https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
- Fix 2 denial of service security issues (boo#1183726)
- Disable the dump_desc() function that we used to dump unparseable information to disk (CVE-2021-28089)
- Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority (CVE-2021-28090)
- Ship geoip files based on the IPFire Location Database
Список пакетов
openSUSE Leap 15.2
tor-0.4.5.7-lp152.2.9.1
Ссылки
- E-Mail link for openSUSE-SU-2021:0461-1
- SUSE Security Ratings
- SUSE Bug 1183726
- SUSE CVE CVE-2021-28089 page
- SUSE CVE CVE-2021-28090 page
Описание
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
Затронутые продукты
openSUSE Leap 15.2:tor-0.4.5.7-lp152.2.9.1
Ссылки
- CVE-2021-28089
- SUSE Bug 1183726
- SUSE Bug 1184261
Описание
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
Затронутые продукты
openSUSE Leap 15.2:tor-0.4.5.7-lp152.2.9.1
Ссылки
- CVE-2021-28090
- SUSE Bug 1183726
- SUSE Bug 1184261