Fedora: Security Advisory for tor (FEDORA-2023-29cafcbf4a) - The Tor network package for Fedora 38 is missing an update, allowing improved privacy and security on the Internet
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.885304");
script_version("2023-12-06T05:06:11+0000");
# TODO: No CVE assigned yet.
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2023-12-06 05:06:11 +0000 (Wed, 06 Dec 2023)");
script_tag(name:"creation_date", value:"2023-11-20 02:16:05 +0000 (Mon, 20 Nov 2023)");
script_name("Fedora: Security Advisory for tor (FEDORA-2023-29cafcbf4a)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC38");
script_xref(name:"Advisory-ID", value:"FEDORA-2023-29cafcbf4a");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKD6JADAMEM5LQNEJHYY47TBJ7NEPA6C");
script_tag(name:"summary", value:"The remote host is missing an update for the 'tor'
package(s) announced via the FEDORA-2023-29cafcbf4a advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"The Tor network is a group of volunteer-operated servers that allows people to
improve their privacy and security on the Internet. Tor', s users employ this
network by connecting through a series of virtual tunnels rather than making a
direct connection, thus allowing both organizations and individuals to share
information over public networks without compromising their privacy. Along the
same line, Tor is an effective censorship circumvention tool, allowing its
users to reach otherwise blocked destinations or content. Tor can also be used
as a building block for software developers to create new communication tools
with built-in privacy features.
This package contains the Tor software that can act as either a server on the
Tor network, or as a client to connect to the Tor network.");
script_tag(name:"affected", value:"'tor' package(s) on Fedora 38.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC38") {
if(!isnull(res = isrpmvuln(pkg:"tor", rpm:"tor~0.4.8.9~1.fc38", rls:"FC38"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo