Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

openSUSE: 2021:0474-1 Moderate Update: Tor Denial Of Service Fix

opensuse
Calendar Grey March 25, 2021
Dist Opensuse Esm H88
An update for openSUSE resolves two denial of service vulnerabilities in tor. Discover further details regarding these security flaws and their resolutions.
An update that fixes two vulnerabilities is now available

Description

This update for tor fixes the following issues:

tor was updated to 0.4.5.7

*

https://archive.torproject.org/websites/lists.torproject.org/pipermail/tor-announce/2021-March/000216.html

* Fix 2 denial of service security issues (boo#1183726)

+ Disable the dump_desc() function that we used to dump unparseable

information to disk (CVE-2021-28089)

+ Fix a bug in appending detached signatures to a pending consensus

document that could be used to crash a directory authority

(CVE-2021-28090)

* Ship geoip files based on the IPFire Location Database

This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-474=1

Package List

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

tor-0.4.5.7-bp152.2.9.1

References

https://www.suse.com/security/cve/CVE-2021-28089.html

https://www.suse.com/security/cve/CVE-2021-28090.html

https://bugzilla.suse.com/1183726

Announcement ID: openSUSE-SU-2021:0474-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP2 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.