openSUSE-SU-2020:1970-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2020:1970-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2020:1970-1
- Related
- Published
- 2020-11-19T15:25:33Z
- Modified
- 2020-11-19T15:25:33Z
- Summary
- Security update for tor
- Details
-
This update for tor fixes the following issues:
Updating tor to a newer version in the respective codestream.
tor 0.3.5.12:
- Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
- Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
- Fix DoS defenses on bridges with a pluggable transport
- CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
- CVE-2020-10593: circuit padding memory leak (boo#1167014)
tor 0.4.4.6
- Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
- Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979)
- Fix logrotate to not fail when tor is stopped (boo#1164275)
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LICIVWVPYBVUILMW5J4DEG6B67OGC45P/
- https://bugzilla.suse.com/1164275
- https://bugzilla.suse.com/1167013
- https://bugzilla.suse.com/1167014
- https://bugzilla.suse.com/1173979
- https://bugzilla.suse.com/1178741
- https://www.suse.com/security/cve/CVE-2020-10592
- https://www.suse.com/security/cve/CVE-2020-10593
- https://www.suse.com/security/cve/CVE-2020-15572
Affected packages
SUSE:Package Hub 12 / tor
Package
- Name
- tor
- Purl
- pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012
SUSE:Package Hub 15 SP1 / tor
Package
- Name
- tor
- Purl
- pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP1
SUSE:Package Hub 15 SP2 / tor
Package
- Name
- tor
- Purl
- pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2
openSUSE:Leap 15.1 / tor
Package
- Name
- tor
- Purl
- pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.1