openSUSE-SU-2021:0926-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0926-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:0926-1
- Related
- Published
- 2021-06-25T18:34:10Z
- Modified
- 2021-06-25T18:34:10Z
- Summary
- Security update for tor
- Details
-
This update for tor fixes the following issues:
tor 0.4.5.9
- Don't allow relays to spoof RELAYEND or RELAYRESOLVED cell (CVE-2021-34548, boo#1187322)
- Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
- Resist a hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549, boo#1187324)
- Fix an out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550, boo#1187325)
tor 0.4.5.8
- https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html
- allow Linux sandbox with Glibc 2.33
- work with autoconf 2.70+
several other minor features and bugfixes (see announcement)
Fix logging issue due to systemd picking up stdout - boo#1181244 Continue to log notices to syslog by default.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GJI5DAQGLSGJLTAEBDK3BJ65DR3SJHCE/
- https://bugzilla.suse.com/1179331
- https://bugzilla.suse.com/1181244
- https://bugzilla.suse.com/1187322
- https://bugzilla.suse.com/1187323
- https://bugzilla.suse.com/1187324
- https://bugzilla.suse.com/1187325
- https://www.suse.com/security/cve/CVE-2021-34548
- https://www.suse.com/security/cve/CVE-2021-34549
- https://www.suse.com/security/cve/CVE-2021-34550