Security update for tor (important)

An update that solves three vulnerabilities and has two
fixes is now available.

Description:

This update for tor fixes the following issues:

Updating tor to a newer version in the respective codestream.

• tor 0.3.5.12:

  • Check channels+circuits on relays more thoroughly (TROVE-2020-005,
    boo#1178741)
  • Not affected by out-of-bound memory access (CVE-2020-15572,
    boo#1173979)
  • Fix DoS defenses on bridges with a pluggable transport
  • CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
  • CVE-2020-10593: circuit padding memory leak (boo#1167014)

• tor 0.4.4.6

  • Check channels+circuits on relays more thoroughly (TROVE-2020-005,
    boo#1178741)
  • Fix a crash due to an out-of-bound memory access (CVE-2020-15572,
    boo#1173979)
  • Fix logrotate to not fail when tor is stopped (boo#1164275)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2020-1970=1

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-1970=1

• openSUSE Backports SLE-15-SP2:

  zypper in -t patch openSUSE-2020-1970=1

• openSUSE Backports SLE-15-SP1:

  zypper in -t patch openSUSE-2020-1970=1

• SUSE Package Hub for SUSE Linux Enterprise 12:

  zypper in -t patch openSUSE-2020-1970=1