SUSE Package Hub - openSUSE-2021-334

Update Info

openSUSE-2021-334

Security update for tor

Type: security

Severity: moderate

Issued: 2021-02-23

Description:

This update for tor fixes the following issues:

tor was updated to 0.4.5.6:

* https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html
* Introduce a new MetricsPort HTTP interface
* Support IPv6 in the torrc Address option
* Add event-tracing library support for USDT and LTTng-UST
* Try to read N of N bytes on a TLS connection

tor was updated to 0.4.4.7:

* https://blog.torproject.org/node/1990
* Stop requiring a live consensus for v3 clients and services
* Re-entry into the network is now denied at the Exit level
* Fix undefined behavior on our Keccak library
* Strip '\r' characters when reading text files on Unix platforms
* Handle partial SOCKS5 messages correctly

* Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

Bugzilla: 1178741 VUL-0: tor: ed25519 identity not checked when competing a channel (TROVE-2020-005)

Packages

tor-0.4.5.6-bp152.2.6.1