MGASA-2016-0356
- Source
- https://advisories.mageia.org/MGASA-2016-0356.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0356.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0356
- Related
- Published
- 2016-10-25T23:11:42Z
- Modified
- 2016-10-25T22:59:22Z
- Summary
- Updated tor packages fix security vulnerability
- Details
-
It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string. This issue could enable a remote attacker to crash a Tor client, hidden service, relay, or authority (CVE-2016-8860).
The tor package has been updated to version 0.2.8.9, which fixes this issue and several other bugs, including other security issues fixed in 0.2.8.6. See the release announcements for details.
- References
-
- https://advisories.mageia.org/MGASA-2016-0356.html
- https://bugs.mageia.org/show_bug.cgi?id=19145
- https://blog.torproject.org/blog/tor-0286-released
- https://blog.torproject.org/blog/tor-0287-released-important-fixes
- https://blog.torproject.org/blog/tor-0288-released-important-fixes
- https://blog.torproject.org/blog/tor-0289-released-important-fixes
- https://www.debian.org/security/2016/dsa-3694
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / tor
Package
- Name
- tor
- Purl
- pkg:rpm/mageia/tor?distro=mageia-5