openSUSE-SU-2021:1192-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:1192-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:1192-1
Related
Published
2021-08-25T15:57:20Z
Modified
2021-08-25T15:57:20Z
Summary
Security update for tor
Details

This update for tor fixes the following issues:

tor 0.4.6.7:

  • Fix a DoS via a remotely triggerable assertion failure (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

  • Enable the deterministic RNG for unit tests that covers the address set bloomfilter-based API's

tor 0.4.6.5

  • Add controller support for creating v3 onion services with client auth
  • When voting on a relay with a Sybil-like appearance, add the Sybil flag when clearing out the other flags. This lets a relay operator know why their relay hasn't been included in the consensus
  • Relays now report how overloaded they are
  • Add a new DoS subsystem to control the rate of client connections for relays
  • Relays now publish statistics about v3 onions services
  • Improve circuit timeout algorithm for client performance
References

Affected packages

SUSE:Package Hub 15 SP3 / tor

Package

Name
tor
Purl
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.6.7-bp153.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.6.7-bp153.2.6.1"
        }
    ]
}

openSUSE:Leap 15.3 / tor

Package

Name
tor
Purl
pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.4.6.7-bp153.2.6.1

Ecosystem specific 

{
    "binaries": [
        {
            "tor": "0.4.6.7-bp153.2.6.1"
        }
    ]
}