An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0361-1
Rating:             moderate
References:         #1216873
Affected Products:
                    openSUSE Backports SLE-15-SP4
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

- tor 0.4.8.8:
  * Mitigate an issue when Tor compiled with OpenSSL can crash during handshake with a remote relay. (TROVE-2023-004, boo#1216873)
  * Regenerate fallback directories generated on November 03, 2023.
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2023/11/03
  * directory authority: Look at the network parameter "maxunmeasuredbw" with the correct spelling
  * vanguards addon support: Count the conflux linked cell as valid when it is successfully processed. This will quiet a spurious warn in the vanguards addon
- tor 0.4.8.7:
  * Fix an issue that prevented us from pre-building more conflux sets after existing sets had been used
- tor 0.4.8.6:
  * onion service: Fix a reliability issue where services were expiring their introduction points every consensus update. This caused connectivity issues for clients caching the old descriptor and intro points
  * Log the input and output buffer sizes when we detect a potential compression bomb
  * Disable multiple BUG warnings of a missing relay identity key when starting an instance of Tor compiled without relay support
  * When reporting a pseudo-networkstatus as a bridge authority, or answering "ns/purpose/*" controller requests, include accurate published-on dates from our list of router descriptors
  * Use less frightening language and lower the log-level of our run-time ABI compatibility check message in our Zstd compression subsystem
- tor 0.4.8.5:
  * bugfixes creating log BUG stacktrace
- tor 0.4.8.4:
  * Extend DoS protection to partially opened channels and known relays
  * Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against hidden services. Disabled by default, enable via "HiddenServicePoW" in torrc
  * Implement conflux traffic splitting
  * Directory authorities and relays now interact properly with directory authorities if they change addresses
- tor 0.4.7.14:
  * bugfix affecting vanguards (onion service), and minor fixes
- Enable support for scrypt()

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

    zypper in -t patch openSUSE-2023-361=1

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2023-361=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.8.8-bp155.2.3.1
    tor-debuginfo-0.4.8.8-bp155.2.3.1
    tor-debugsource-0.4.8.8-bp155.2.3.1

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.8.8-bp154.2.15.1

References:

    https://bugzilla.suse.com/1216873

This maintenance release tackles several vulnerabilities in the system, improving overall performance and reducing the risk of exploitation.

OpenSUSE Security Update, Tor Fixes, DoS Protection Enhancements, Security Updates.

LinuxSecurity.com Team

A logic error was discovered in the implementation of the "SafeSocks" option of Tor, a connection-based low-latency anonymous communication system, which resulted in unsafe SOCKS4 traffic being allowed to pass.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3286-1

An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0027-1
Rating:             moderate
References:         #1207110
Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

tor 0.4.7.13:

  * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002)
  * improve congestion control
  * fix relay channel handling

tor 0.4.7.12:

  * new key for moria1
  * new metrics are exported on the MetricsPort for the congestion control subsystem

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2023-27=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.7.13-bp154.2.12.1

References:

    https://bugzilla.suse.com/1207110

New release of Tor bolsters safety, tackling DNS exposure issues and refining user oversight - intermediate notice from openSUSE.

openSUSE Security Update, tor fixes, DNS leaks, relay handling, update instructions.

LinuxSecurity.com Team

An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0022-1
Rating:             moderate
References:         #1207110
Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

tor 0.4.7.13:

  * fix SafeSocks option to avoid DNS leaks (boo#1207110, TROVE-2022-002)
  * improve congestion control
  * fix relay channel handling

tor 0.4.7.12:

  * new key for moria1
  * new metrics are exported on the MetricsPort for the congestion control subsystem

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2023-22=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.7.13-bp153.2.24.1

References:

    https://bugzilla.suse.com/1207110

openSUSE Security Patch for tor resolving concerns including DNS exposure and traffic management.

openSUSE, tor security, update announcement, DNS leak fix, moderate severity.

LinuxSecurity.com Team

An update that contains security fixes can now be installed.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10209-1
Rating:             moderate
References:         #1205307
Affected Products:
                    openSUSE Backports SLE-15-SP3
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

tor 0.4.7.11:

  * Improve security of DNS cache by randomly clipping the TTL value (boo#1205307, TROVE-2021-009)
  * Improved defenses against network-wide DoS, multiple counters and metrics added to MetricsPorts
  * Apply circuit creation anti-DoS defenses if the outbound circuit max cell queue size is reached too many times. This introduces two new consensus parameters to control the queue size limit and number of times allowed to go over that limit.
  * Directory authority updates
  * IPFire database and geoip updates
  * Bump the maximum amount of CPU that can be used from 16 to 128. The NumCPUs torrc option overrides this hardcoded maximum.
  * onion service: set a higher circuit build timeout for opened client rendezvous circuit to avoid timeouts and retry load
  * Make the service retry a rendezvous if the circuit is being repurposed for measurements

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10209=1

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-10209=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.7.11-bp154.2.9.1
    tor-debuginfo-0.4.7.11-bp154.2.9.1
    tor-debugsource-0.4.7.11-bp154.2.9.1

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.7.11-bp153.2.21.1

References:

    https://bugzilla.suse.com/1205307

Recent openSUSE security patch for tor, aimed at resolving moderate severity vulnerabilities and bolstering defenses against DoS attacks.

openSUSE Security Update, DoS Defenses, tor Installation.

LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10023-1
Rating:             important
References:         #1200672
Cross-References:   CVE-2022-33903
Affected Products:
                    openSUSE Backports SLE-15-SP3
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

tor was updated to 0.4.7.8:

  * Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. (TROVE-2022-001, CVE-2022-33903, boo#1200672)
  * Regenerate fallback directories generated on June 17, 2022.
  * Update the geoip files to match the IPFire Location Database, as retrieved on 2022/06/17.
  * Allow the rseq system call in the sandbox
  * logging bug fixes

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

    zypper in -t patch openSUSE-2022-10023=1

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-10023=1

Package List:

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.7.8-bp154.2.3.1
    tor-debuginfo-0.4.7.8-bp154.2.3.1
    tor-debugsource-0.4.7.8-bp154.2.3.1

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le x86_64):

    tor-0.4.7.8-bp153.2.15.1

References:

    https://www.suse.com/security/cve/CVE-2022-33903.html
    https://bugzilla.suse.com/1200672

Significant openSUSE enhancement addresses traffic management issues with Tor, delivering security patches to defend against external vulnerabilities.

openSUSE Update, tor Security Fix, Important Security Advisory, remote attack Mitigation.

Severity: Important.

LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

openSUSE Security Update: Security update for tor
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1513-1
Rating:             moderate
References:         #1192658
Cross-References:   CVE-2021-22929
Affected Products:
                    openSUSE Leap 15.2
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

Description:

This update for tor fixes the following issues:

tor 0.4.6.8:

  * Improving reporting of general overload state for DNS timeout errors by relays
  * Regenerate fallback directories for October 2021
  * Bug fixes for onion services
  * CVE-2021-22929: do not log v2 onion services access attempt warnings on disk excessively (TROVE-2021-008, boo#1192658)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1513=1

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2021-1513=1

Package List:

- openSUSE Leap 15.2 (x86_64):

    tor-0.4.6.8-lp152.2.18.1
    tor-debuginfo-0.4.6.8-lp152.2.18.1
    tor-debugsource-0.4.6.8-lp152.2.18.1

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

    tor-0.4.6.8-bp153.2.9.1

References:

    https://www.suse.com/security/cve/CVE-2021-22929.html
    https://bugzilla.suse.com/1192658

Updates in openSUSE have remedied a tor vulnerability, enhancing log handling and optimizing service performance.

OpenSUSE Security Update, Tor Vulnerability Fixes, Software Patch.

LinuxSecurity.com Team

update to latest upstream release - fixes CVE-2021-38385.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-847ca2749a
2021-08-24 03:32:16.467222
--------------------------------------------------------------------------------

Name        : tor
Product     : Fedora 34
Version     : 0.4.5.10
Release     : 1.fc34
URL         : https://www.torproject.org
Summary     : Anonymizing overlay network for TCP
Description :
The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and individuals to share information over public networks without compromising their privacy. Along the same line, Tor is an effective censorship circumvention tool, allowing its users to reach otherwise blocked destinations or content. Tor can also be used as a building block for software developers to create new communication tools with built-in privacy features.

This package contains the Tor software that can act as either a server on the Tor network, or as a client to connect to the Tor network.

--------------------------------------------------------------------------------
Update Information:

update to latest upstream release - fixes CVE-2021-38385
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1995254 - CVE-2021-38385 tor: assertion failure in signature verification [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1995254
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-847ca2749a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --