SUSE Package Hub - openSUSE-2021-1178

Update Info

openSUSE-2021-1178

Security update for tor

Type: security

Severity: important

Issued: 2021-08-23

Description:

This update for tor fixes the following issues:

tor 0.4.6.7:

* Fix a DoS via a remotely triggerable assertion failure
  (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

* Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch
* Enable the deterministic RNG for unit tests that covers the
  address set bloomfilter-based API's

tor 0.4.6.5

* Add controller support for creating v3 onion services with
  client auth
* When voting on a relay with a Sybil-like appearance, add the
  Sybil flag when clearing out the other flags. This lets a relay
  operator know why their relay hasn't been included in the
  consensus
* Relays now report how overloaded they are
* Add a new DoS subsystem to control the rate of client
  connections for relays
* Relays now publish statistics about v3 onions services
* Improve circuit timeout algorithm for client performance

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2021-38385
Bugzilla: 1189489 VUL-0: CVE-2021-38385: tor: assertion failure in signature verification

Packages

tor-0.4.6.7-bp152.2.15.1