
openSUSE-SU-2021:0926-1

Published: 25 Jun 2021
Source: suse-cvrf

Description

Security update for tor

This update for tor fixes the following issues:

tor 0.4.5.9

  • Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell (CVE-2021-34548, boo#1187322)
  • Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
  • Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324)
  • Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325)

tor 0.4.5.8

  • Fix logging issue due to systemd picking up stdout (boo#1181244). Continue to log notices to syslog by default.

Package list

openSUSE Leap 15.2
tor-0.4.5.9-lp152.2.12.1

Description

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.


Affected products
openSUSE Leap 15.2:tor-0.4.5.9-lp152.2.12.1

Description

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently, an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.


Affected products
openSUSE Leap 15.2:tor-0.4.5.9-lp152.2.12.1

Description

An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor.


Affected products
openSUSE Leap 15.2:tor-0.4.5.9-lp152.2.12.1

References
Vulnerability openSUSE-SU-2021:0926-1