Mageia 2020-0442: tor security update
Summary
When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel (TROVE-2020-005).
References
- https://bugs.mageia.org/show_bug.cgi?id=27606
- https://gitlab.torproject.org/tpo/core/tor/-/blob/HEAD/ChangeLog
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HALCW6KZMSIIXVTNHTNUQPBOYYMU5LL/
Resolution
MGASA-2020-0442 - Updated tor package fixes security vulnerabilities
SRPMS
- 7/core/tor-0.3.5.12-1.mga7