openSUSE-SU-2021:1169-1

Опубликовано: 19 авг. 2021

Источник: suse-cvrf

Описание

Security update for tor

This update for tor fixes the following issues:

tor 0.4.6.7:

Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's

tor 0.4.6.5

Add controller support for creating v3 onion services with client auth
When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus
Relays now report how overloaded they are
Add a new DoS subsystem to control the rate of client connections for relays
Relays now publish statistics about v3 onions services
Improve circuit timeout algorithm for client performance

Список пакетов

openSUSE Leap 15.2

tor-0.4.6.7-lp152.2.15.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PMWWIBVBPI5X7QIC5VO3NJURIXL33ROT/
E-Mail link for openSUSE-SU-2021:1169-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1189489
SUSE Bug 1189489
https://www.suse.com/security/cve/CVE-2021-38385/
SUSE CVE CVE-2021-38385 page

Описание

Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.

Затронутые продукты

openSUSE Leap 15.2:tor-0.4.6.7-lp152.2.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-38385.html
CVE-2021-38385
https://bugzilla.suse.com/1189489
SUSE Bug 1189489

openSUSE-SU-2021:1169-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-38385

Описание

Затронутые продукты

Ссылки