Lucene search

Gentoo FoundationMGASA-2014-0059

HistoryFeb 12, 2014 - 9:13 p.m.

Updated tor package fixes security vulnerability

2014-02-1221:13:24

Gentoo Foundation

advisories.mageia.org

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

55.5%

JSON

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for relay identity keys and hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors (CVE-2013-7295).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchtor< 0.2.4.20-1tor-0.2.4.20-1.mga3
Mageia4noarchtor< 0.2.4.20-1tor-0.2.4.20-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	tor	< 0.2.4.20-1	tor-0.2.4.20-1.mga3
Mageia	4	noarch	tor	< 0.2.4.20-1	tor-0.2.4.20-1.mga4

References

lists.opensuse.org/opensuse-updates/2014-01/msg00095.html

bugs.mageia.org/show_bug.cgi?id=12464

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for MGASA-2014-0059