openSUSE-SU-2021:0461-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0461-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0461-1
Related
Published
2021-03-21T23:09:43Z
Modified
2021-03-21T23:09:43Z
Summary
Security update for tor
Details

This update for tor fixes the following issues:

tor was updated to 0.4.5.7

  • https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
  • Fix 2 denial of service security issues (boo#1183726)
    • Disable the dump_desc() function that we used to dump unparseable information to disk (CVE-2021-28089)
    • Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority (CVE-2021-28090)
  • Ship geoip files based on the IPFire Location Database
References

Affected packages

openSUSE:Leap 15.2 / tor

Package

Name
tor
Purl
pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.5.7-lp152.2.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.5.7-lp152.2.9.1"
        }
    ]
}