MGASA-2026-0187 Updated tor packages fix security issues

This update provides lots of security issues fixed by upstream since our current version. Please see the links for details...

MGASA-2023-0017 Updated tor packages fix security vulnerability

SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. CVE-2023-23589...

MGASA-2021-0426 Updated tor packages fix security vulnerability

Henry de Valence reported a flaw in the signature verification code in Tor, a connection-based low-latency anonymous communication system. A remote attacker can take advantage of this flaw to cause an assertion failure, resulting in denial of service...

MGASA-2021-0180 Updated tor packages fix security vulnerabilities

The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...

Updated tor packages fix security vulnerabilities

The dumpdesc function that we used to dump unparseable information to disk, was called incorrectly in several places, in a way that could lead to excessive CPU usage CVE-2021-28089. A bug in appending detached signatures to a pending consensus document could be used to crash a directory authority...

MGASA-2018-0161 Updated tor packages fix security vulnerabilities

A protocol-list handling bug that could be used to remotely crash directory authorities with a null-pointer exception CVE-2018-0490. A bug can be remotely triggered in order to crash relays with a use-after-free pattern CVE-2018-0491...

MGASA-2017-0353 Updated tor packages fix security vulnerability

Due to the code that reports an error during the construction of an introduction point circuit, it is possible that some hidden services will sometimes write sensitive information into their logs if the SafeLogging option is disabled. Note that SafeLogging is enabled by default CVE-2017-0380...

MGASA-2017-0176 Updated tor packages fix security vulnerability

A remotely triggerable assertion failure caused by receiving a BEGINDIR cell on a hidden service rendezvous circuit CVE-2017-0376...

Mandriva Linux Security Advisory : tor (MDVSA-2015:205)

Updated tor packages fix security vulnerabilities : disgleirio discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible CVE-2015-2928. DonnchaC discovered that Tor clients would crash with an...

MGASA-2014-0256 Updated tor packages fix multiple vulnerabilities

Update to version 0.2.4.22 which solves these major and security problems: - Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL CVE-2014-0160. - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step. -...