Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

openSUSE Backports SLE-15-SP7 Tor Major Security Patch 2026-XYZ-2

opensuse
Calendar Grey May 13, 2026
Dist Opensuse Esm H88
Critical openSUSE update for tor addresses 6 vulnerabilities, enhancing security and functionality. Install recommended patches.
An update that fixes 6 vulnerabilities is now available.

Description

This update for tor fixes the following issues:

- Update to 0.4.9.8

* Fix out-of-bounds read (boo#1264341, CVE-2026-44597, TROVE-2026-011)

* Do not attempt or accept BEGIN_DIR via conflux legs (boo#1264342,

CVE-2026-44599,TROVE-2026-008)

* Adjust conflux out-of-order queue accounting when clearing a queue

(boo#1264343, CVE-2026-44600, TROVE-2026-010)

* Fix a client-side crash caused by double-close of a circuit while

under circuit queue memory pressure (boo#1264344, CVE-2026-44601,

TROVE-2026-009)

* Fix null pointer dereference when receiving a CERT cell out of

order (boo#1264345, CVE-2026-44602, TROVE-2026-006)

* Fix off-by-one out-of-bounds read if a malformed BEGIN cell is

received (boo#1264346, CVE-2026-44603, TROVE-2026-007)

- upate to 0.4.9.5:

* first stable release in the 0.4.9 series

* introduces a new circuit-level encryption design for better client

security

* introduce...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory update critical network issue OpenSUSE Tor

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-164=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 ppc64le s390x x86_64):

tor-0.4.9.8-bp157.2.9.1

References

https://www.suse.com/security/cve/CVE-2026-44597.html

https://www.suse.com/security/cve/CVE-2026-44599.html

https://www.suse.com/security/cve/CVE-2026-44600.html

https://www.suse.com/security/cve/CVE-2026-44601.html

https://www.suse.com/security/cve/CVE-2026-44602.html

https://www.suse.com/security/cve/CVE-2026-44603.html

https://bugzilla.suse.com/1264341

https://bugzilla.suse.com/1264342

https://bugzilla.suse.com/1264343

https://bugzilla.suse.com/1264344

https://bugzilla.suse.com/1264345

https://bugzilla.suse.com/1264346

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0164-1
Rating: critical
Affected Products: openSUSE Backports SLE-15-SP7

Topics%20covered

Topics Covered

security advisory update critical network issue OpenSUSE Tor

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here