Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE Enhancements for SLE-15-SP8 Major Threat Mitigation Notice

opensuse
Calendar Grey April 23, 2026
Dist Opensuse Esm H88
Update for openSUSE Backports fixes moderate security issues, including remote crashes and other improvements for tor.
An update that contains security fixes can now be installed.

Description

This update for tor fixes the following issues:

- update to 0.4.8.23:

* Fix a memory compare using the wrong length. This could lead to a

remote crash when using the conflux subsystem (TROVE-2026-004,

boo#1262302)

* Fix a series of defense in depth security issues found across the

codebase

* Regenerate fallback directories generated on March 25, 2026.

* Update the geoip files to match the IPFire Location Database, as

retrieved on 2026/03/25.

- includes changes from 0.4.8.22:

* Avoid an out-of-bounds read error that could occur with V1-formatted

EXTEND cells (TROVE-2025-016, boo#1262301)

* Allow old clients to fetch the consensus even if they use version 0 of

the SENDME protocol

* Do not check for compression bombs for buffers smaller than 5MB

(increased from 64 KB)

* Improvements to directory server statistics

- update to 0.4.8.21:

* This release is a continuation of the...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-147=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-147=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

tor-0.4.8.23-bp157.2.6.1

tor-debuginfo-0.4.8.23-bp157.2.6.1

tor-debugsource-0.4.8.23-bp157.2.6.1

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):

tor-0.4.8.23-bp156.2.6.1

References

https://bugzilla.suse.com/1262301

https://bugzilla.suse.com/1262302

Announcement ID: openSUSE-SU-2026:0147-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here