Описание
Security update for tor
This update for tor fixes the following issues:
tor was updated to 0.4.7.8:
- Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672)
- Regenerate fallback directories generated on June 17, 2022.
- Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17.
- Allow the rseq system call in the sandbox
- logging bug fixes
Список пакетов
SUSE Package Hub 15 SP3
tor-0.4.7.8-bp154.2.3.1
SUSE Package Hub 15 SP4
tor-0.4.7.8-bp154.2.3.1
openSUSE Leap 15.3
tor-0.4.7.8-bp154.2.3.1
openSUSE Leap 15.4
tor-0.4.7.8-bp154.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10023-1
- SUSE Security Ratings
- SUSE Bug 1200672
- SUSE CVE CVE-2022-33903 page
Описание
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.
Затронутые продукты
SUSE Package Hub 15 SP3:tor-0.4.7.8-bp154.2.3.1
SUSE Package Hub 15 SP4:tor-0.4.7.8-bp154.2.3.1
openSUSE Leap 15.3:tor-0.4.7.8-bp154.2.3.1
openSUSE Leap 15.4:tor-0.4.7.8-bp154.2.3.1
Ссылки
- CVE-2022-33903
- SUSE Bug 1200672