Описание
Security update for tor
This update for tor fixes the following issues:
tor 0.4.6.7:
- Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)
tor 0.4.6.6:
- Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's
tor 0.4.6.5
- Add controller support for creating v3 onion services with client auth
- When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus
- Relays now report how overloaded they are
- Add a new DoS subsystem to control the rate of client connections for relays
- Relays now publish statistics about v3 onions services
- Improve circuit timeout algorithm for client performance
Список пакетов
SUSE Package Hub 15 SP3
tor-0.4.6.7-bp153.2.6.1
openSUSE Leap 15.3
tor-0.4.6.7-bp153.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1192-1
- SUSE Security Ratings
- SUSE Bug 1189489
- SUSE CVE CVE-2021-38385 page
Описание
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
Затронутые продукты
SUSE Package Hub 15 SP3:tor-0.4.6.7-bp153.2.6.1
openSUSE Leap 15.3:tor-0.4.6.7-bp153.2.6.1
Ссылки
- CVE-2021-38385
- SUSE Bug 1189489