Mageia 7: 2020-0165 Moderate: Tor Denial Of Service Issues

mageia

April 15, 2020

Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service (CPU consumption) (CVE-2020-10592).

Summary

Updated tor package fixes security vulnerabilities:
Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service (CPU consumption) (CVE-2020-10592).
Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service (memory leak). This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit (CVE-2020-10593).

References

- https://bugs.mageia.org/show_bug.cgi?id=26356

- https://blog.torproject.org/new-releases-03510-0419-0427/

- https://www.cve.org/CVERecord?id=CVE-2020-10592

- https://www.cve.org/CVERecord?id=CVE-2020-10593

Topics Covered

security advisory remote attack memory leak Denial of Service tor CPU consumption Mageia

Resolution

SRPMS

- 7/core/tor-0.3.5.10-1.mga7

Severity

important

Lowest

Low

Medium

High

Critical

Publication date: 15 Apr 2020

URL: https://advisories.mageia.org/MGASA-2020-0165.html

Type: security

CVE: CVE-2020-10592, CVE-2020-10593

Topics Covered

security advisory remote attack memory leak Denial of Service tor CPU consumption Mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks