Lucene search
SuseOPENSUSE-SU-2021:0941-1HistoryJun 30, 2021 - 12:00 a.m.
Security update for tor (important)
2021-06-3000:00:00
lists.opensuse.org
17
tor
vulnerabilities
fixes
update
openssl
denial-of-service
relays
memory access
glibc
autoconf
logging
opensuse
EPSS
0.007
Percentile
81.2%
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update for tor fixes the following issues:
tor 0.4.5.9
- Don’t allow relays to spoof RELAY_END or RELAY_RESOLVED cell
(CVE-2021-34548, boo#1187322) - Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
- Resist a hashtable-based CPU denial-of-service attack against relays
(CVE-2021-34549, boo#1187324) - Fix an out-of-bounds memory access in v3 onion service descriptor
parsing (CVE-2021-34550, boo#1187325)
tor 0.4.5.8
- https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html
- allow Linux sandbox with Glibc 2.33
- work with autoconf 2.70+
- several other minor features and bugfixes (see announcement)
- Fix logging issue due to systemd picking up stdout - boo#1181244
Continue to log notices to syslog by default.
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-941=1
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15-SP2 | aarch64 | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.aarch64.rpm |
| openSUSE Backports SLE | 15-SP2 | ppc64le | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm |
| openSUSE Backports SLE | 15-SP2 | s390x | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.s390x.rpm |
| openSUSE Backports SLE | 15-SP2 | x86_64 | - opensuse backports sle | < 15-SP2 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |
Related
openvas
openvas
Debian: Security Advisory (DSA-4932-1)
2021-06-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0293)
2022-01-28 00:00:00
Fedora: Security Advisory for tor (FEDORA-2021-ff4ad9825a)
2021-06-24 00:00:00
nessus
nessus
Debian DSA-4932-1 : tor - security update
2021-06-21 00:00:00
openSUSE 15 Security Update : tor (openSUSE-SU-2021:0926-1)
2021-06-28 00:00:00
GLSA-202107-25 : Tor: Multiple vulnerabilities
2022-01-24 00:00:00
osv
osv
tor - security update
2021-06-18 00:00:00
tor vulnerabilities
2022-10-04 11:04:57
CVE-2021-34549
2021-06-29 12:15:08
archlinux
archlinux
[ASA-202106-50] tor: denial of service
2021-06-22 00:00:00
debian
debian
[SECURITY] [DSA 4932-1] tor security update
2021-06-18 17:39:55
fedora
fedora
[SECURITY] Fedora 34 Update: tor-0.4.5.9-1.fc34
2021-06-23 01:08:31
[SECURITY] Fedora 33 Update: tor-0.4.5.9-1.fc33
2021-06-23 01:14:16
mageia
mageia
Updated tor package fixes security vulnerabilities
2021-06-29 00:16:35
suse
suse
Security update for tor (important)
2021-06-26 00:00:00
gentoo
gentoo
Tor: Multiple vulnerabilities
2021-07-10 00:00:00
ubuntu
ubuntu
Tor vulnerabilities
2022-10-04 00:00:00
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
alpinelinux
alpinelinux
prion
prion
Information disclosure
2021-06-29 11:15:00
Design/Logic Flaw
2021-06-29 12:15:00
Design/Logic Flaw
2021-06-29 12:15:00
nvd
nvd
veracode
veracode
Denial Of Service (DoS)
2021-06-19 20:48:46
debiancve
debiancve