openSUSE-SU-2017:3201-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2017:3201-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2017:3201-1
Related
Published
2017-12-02T14:54:54Z
Modified
2017-12-02T14:54:54Z
Summary
Security update for tor
Details

This update for tor fixes vulnerabilities that allowed some traffic confirmation, DoS and other attacks (bsc#1070849):

  • CVE-2017-8819: Replay-cache ineffective for v2 onion services
  • CVE-2017-8820: Remote DoS attack against directory authorities
  • CVE-2017-8821: An attacker can make Tor ask for a password
  • CVE-2017-8822: Relays can pick themselves in a circuit path
  • CVE-2017-8823: Use-after-free in onion service v2
References

Affected packages

SUSE:Package Hub 12 / tor

Package

Name
tor
Purl
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.3.1.9-8.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.3.1.9-8.1"
        }
    ]
}