SUSE Package Hub - openSUSE-2018-223

Update Info

openSUSE-2018-223

Security update for tor

Type: security

Severity: moderate

Issued: 2018-03-06

Description:

This update for tor to version 0.3.2.10 fixes security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2018-0490: remote crash vulnerability against directory authorities (boo#1083845, TROVE-2018-001)
- CVE-2018-0491: remote relay crash (boo#1083846, TROVE-2018-002)

This new upstream stable version also contains a new system for improved resistance to DoS attacks against relays and various other bug fixes.

References

CVE: CVE-2018-0491
CVE: CVE-2018-0490
Bugzilla: 1083846 VUL-0: CVE-2018-0491: tor: use-after-free in KIST scheduler remote relay DoS
Bugzilla: 1083845 VUL-0: CVE-2018-0490: tor: null-pointer crash in directory authority protocol list code (TROVE-2018-001)

Packages

tor-0.3.2.10-14.1