SUSE Package Hub - openSUSE-2020-428

Update Info

openSUSE-2020-428

Security update for tor

Type: security

Severity: moderate

Issued: 2020-03-31

Description:

This update for tor to version 0.3.5.10 fixes the following issues:

- tor was updated to version 0.3.5.10:

- CVE-2020-10592: Fixed a CPU consumption denial of service and 
  timing patterns (boo#1167013)
- CVE-2020-10593: Fixed a circuit padding memory leak (boo#1167014) 

This update was imported from the openSUSE:Leap:15.1:Update update project.

References

CVE: CVE-2020-10593
CVE: CVE-2020-10592
Bugzilla: 1167014 VUL-0: CVE-2020-10593: tor: circuit padding memory leak (TROVE-2020-004)
Bugzilla: 1167013 VUL-0: CVE-2020-10592: tor: CPU consumption DoS and timing patterns (TROVE-2020-002)

Packages

tor-0.3.5.10-bp151.3.3.1