openSUSE-SU-2021:1178-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1178-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:1178-1
Related
Published
2021-08-22T22:06:30Z
Modified
2021-08-22T22:06:30Z
Summary
Security update for tor
Details

This update for tor fixes the following issues:

tor 0.4.6.7:

  • Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

  • Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
  • Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's

tor 0.4.6.5

  • Add controller support for creating v3 onion services with client auth
  • When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus
  • Relays now report how overloaded they are
  • Add a new DoS subsystem to control the rate of client connections for relays
  • Relays now publish statistics about v3 onions services
  • Improve circuit timeout algorithm for client performance

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Affected packages

SUSE:Package Hub 15 SP2 / tor

Package

Name
tor
Purl
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.6.7-bp152.2.15.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.6.7-bp152.2.15.1"
        }
    ]
}