MGASA-2017-0353

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0353.html

Import Source

https://advisories.mageia.org/MGASA-2017-0353.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2017-0353

Related

CVE-2017-0380

Published

2017-09-21T13:43:32Z

Modified

2017-09-21T13:11:48Z

Summary

Updated tor packages fix security vulnerability

Details

Due to the code that reports an error during the construction of an introduction point circuit, it is possible that some hidden services will sometimes write sensitive information into their logs if the SafeLogging option is disabled. Note that SafeLogging is enabled by default (CVE-2017-0380).

References

https://advisories.mageia.org/MGASA-2017-0353.html
https://bugs.mageia.org/show_bug.cgi?id=21740
https://lists.torproject.org/pipermail/tor-talk/2017-September/043585.html
https://blog.torproject.org/new-tor-stable-releases-02815-02912-03011-fix-onion-service-security-issue

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2017-0353

Affected packages