This update for tor fixes the following issues:

- update to 0.4.8.23:
  * Fix a memory compare using the wrong length. This could lead to a
    remote crash when using the conflux subsystem (TROVE-2026-004,
    boo#1262302)
  * Fix a series of defense in depth security issues found across the
    codebase
  * Regenerate fallback directories generated on March 25, 2026.
  * Update the geoip files to match the IPFire Location Database, as
    retrieved on 2026/03/25.
- includes changes from 0.4.8.22:
  * Avoid an out-of-bounds read error that could occur with V1-formatted
    EXTEND cells (TROVE-2025-016, boo#1262301)
  * Allow old clients to fetch the consensus even if they use version 0 of
    the SENDME protocol
  * Do not check for compression bombs for buffers smaller than 5MB
    (increased from 64 KB)
  * Improvements to directory server statistics
- update to 0.4.8.21:
  * This release is a continuation of the...

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:
    zypper in -t patch openSUSE-2026-147=1
- openSUSE Backports SLE-15-SP6:
    zypper in -t patch openSUSE-2026-147=1

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):
    tor-0.4.8.23-bp157.2.6.1
    tor-debuginfo-0.4.8.23-bp157.2.6.1
    tor-debugsource-0.4.8.23-bp157.2.6.1
- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le s390x x86_64):
    tor-0.4.8.23-bp156.2.6.1

https://bugzilla.suse.com/1262301
https://bugzilla.suse.com/1262302
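
A post-update check, added here as an example and not part of the advisory: it compares an installed tor version-release string against the fixed builds in the package list above. The function names, status words and sample inputs are assumptions made for illustration; GNU `sort -V` stands in for RPM's own version comparison.

```shell
#!/bin/sh
# Fixed tor builds, copied from the package list in this advisory.
FIXED_SP7="0.4.8.23-bp157.2.6.1"
FIXED_SP6="0.4.8.23-bp156.2.6.1"

# ver_ge A B: succeed when A sorts at or after B under GNU `sort -V`.
# Assumption: this matches RPM ordering for the dotted-numeric
# version-release strings used here; it is not a full rpmvercmp.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# tor_status PRODUCT INSTALLED   (hypothetical helper)
#   PRODUCT    sp6 or sp7 (openSUSE Backports SLE-15-SP6 / SP7)
#   INSTALLED  version-release, e.g. the output of
#              rpm -q --qf '%{VERSION}-%{RELEASE}\n' tor
# Prints "patched", "needs-update" or "unknown".
tor_status() {
    case "$1" in
        sp7) fixed=$FIXED_SP7 ;;
        sp6) fixed=$FIXED_SP6 ;;
        *)   echo unknown; return 2 ;;
    esac
    case "$2" in
        # Empty input or rpm's "package tor is not installed" message.
        ''|*[!0-9A-Za-z._~+-]*) echo unknown; return 2 ;;
    esac
    if ver_ge "$2" "$fixed"; then
        echo patched
    else
        echo needs-update
    fi
}

# Constructed sample values (not taken from a real host).
for sample in "sp7 0.4.8.23-bp157.2.6.1" "sp6 0.4.8.21-bp156.2.3.1"; do
    set -- $sample
    printf '%s %s -> %s\n' "$1" "$2" "$(tor_status "$1" "$2")"
done
```

Installing the package does not replace a tor process that is already running, so restart the service after the update before relying on the result.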