SUSE Package Hub - openSUSE-2021-474

Update Info

openSUSE-2021-474

Security update for tor

Type: security

Severity: moderate

Issued: 2021-03-25

Description:

This update for tor fixes the following issues:

tor was updated to 0.4.5.7

* https://lists.torproject.org/pipermail/tor-announce/2021-March/000216.html
* Fix 2 denial of service security issues (boo#1183726)
  + Disable the dump_desc() function that we used to dump unparseable
    information to disk (CVE-2021-28089)
  + Fix a bug in appending detached signatures to a pending consensus
    document that could be used to crash a directory authority
    (CVE-2021-28090)
* Ship geoip files based on the IPFire Location Database

This update was imported from the openSUSE:Leap:15.2:Update update project.

References

CVE: CVE-2021-28090
CVE: CVE-2021-28089
Bugzilla: 1183726 VUL-0: CVE-2021-28089,CVE-2021-28090: tor: New releases (with security fixes): 0.3.5.14, 0.4.4.8, and 0.4.5.7

Packages

tor-0.4.5.7-bp152.2.9.1