MGASA-2017-0008

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0008.html

Import Source

https://advisories.mageia.org/MGASA-2017-0008.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0008

Related

CVE-2016-1254

Published

2017-01-06T09:53:08Z

Modified

2017-01-06T09:42:48Z

Summary

Updated tor package fixes security vulnerability

Details

It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation (CVE-2016-1254).

References

https://advisories.mageia.org/MGASA-2017-0008.html
https://bugs.mageia.org/show_bug.cgi?id=19996
https://blog.torproject.org/blog/tor-02812-released
https://www.debian.org/security/2016/dsa-3741

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0008

Affected packages