openSUSE-SU-2021:1169-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1169-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:1169-1
Related
Published
2021-08-19T15:21:48Z
Modified
2021-08-19T15:21:48Z
Summary
Security update for tor
Details

This update for tor fixes the following issues:

tor 0.4.6.7:

  • Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

  • Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
  • Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's

tor 0.4.6.5

  • Add controller support for creating v3 onion services with client auth
  • When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus
  • Relays now report how overloaded they are
  • Add a new DoS subsystem to control the rate of client connections for relays
  • Relays now publish statistics about v3 onions services
  • Improve circuit timeout algorithm for client performance
References

Affected packages

openSUSE:Leap 15.2 / tor

Package

Name
tor
Purl
pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.6.7-lp152.2.15.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.6.7-lp152.2.15.1"
        }
    ]
}