Security update for tor
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2017:1569-1
Final
1
1
2017-06-15T11:29:49Z
current
2017-06-15T11:29:49Z
2017-06-15T11:29:49Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for tor
This update to tor 0.2.9.11 fixes the following vulnerabilities:
- CVE-2017-0375: remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell (bsc#1043455)
- CVE-2017-0376: remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit (bsc#1043456)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2017-06/msg00047.html
E-Mail link for openSUSE-SU-2017:1569-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.2
tor-0.2.9.11-8.3.1
tor-0.2.9.11-8.3.1 as a component of openSUSE Leap 42.2
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.
CVE-2017-0375
openSUSE Leap 42.2:tor-0.2.9.11-8.3.1
moderate
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2017-06/msg00047.html
https://www.suse.com/security/cve/CVE-2017-0375.html
CVE-2017-0375
https://bugzilla.suse.com/1043455
SUSE Bug 1043455
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.
CVE-2017-0376
openSUSE Leap 42.2:tor-0.2.9.11-8.3.1
moderate
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2017-06/msg00047.html
https://www.suse.com/security/cve/CVE-2017-0376.html
CVE-2017-0376
https://bugzilla.suse.com/1043456
SUSE Bug 1043456