openSUSE Security Update: Security update for tor

Announcement ID:    openSUSE-SU-2021:0474-1
Rating:             moderate
References:         #1183726 
Cross-References:   CVE-2021-28089 CVE-2021-28090
Affected Products:
                    openSUSE Backports SLE-15-SP2

   An update that fixes two vulnerabilities is now available.


   This update for tor fixes the following issues:

   tor was updated to


   * Fix 2 denial of service security issues (boo#1183726)
     + Disable the dump_desc() function that we used to dump unparseable
       information to disk (CVE-2021-28089)
     + Fix a bug in appending detached signatures to a pending consensus
       document that could be used to crash a directory authority
   * Ship geoip files based on the IPFire Location Database

   This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

   To install this openSUSE Security Update, use the SUSE recommended installation methods,
   such as YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP2:

      zypper in -t patch openSUSE-2021-474=1

Package List:

   - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):