openSUSE-SU-2021:0474-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0474-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0474-1
Related
Published
2021-03-25T11:07:12Z
Modified
2021-03-25T11:07:12Z
Summary
Security update for tor
Details

This update for tor fixes the following issues:

tor was updated to 0.4.5.7

  • https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
  • Fix 2 denial of service security issues (boo#1183726)
    • Disable the dump_desc() function that we used to dump unparseable information to disk (CVE-2021-28089)
    • Fix a bug in appending detached signatures to a pending consensus document that could be used to crash a directory authority (CVE-2021-28090)
  • Ship geoip files based on the IPFire Location Database

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP2 / tor

Package

Name
tor
Purl
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.5.7-bp152.2.9.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.5.7-bp152.2.9.1"
        }
    ]
}