Update Info

openSUSE-2020-1970


Security update for tor


Type: security
Severity: important
Issued: 2020-11-19
Description:
This update for tor fixes the following issues:

Updating tor to a newer version in the respective codestream.

- tor 0.3.5.12:
  * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
  * Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
  * Fix DoS defenses on bridges with a pluggable transport
  * CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  * CVE-2020-10593: circuit padding memory leak (boo#1167014) 

- tor 0.4.4.6
  * Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
  * Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979)
  * Fix logrotate to not fail when tor is stopped (boo#1164275)


              

Packages


  • tor-0.4.4.6-bp152.2.3.1