Updated tor package fixes security vulnerability
Publication date: 05 Aug 2014Modification date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5117
Description
Tor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is
received by a client, which makes it easier for remote attackers to conduct
traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY
cells as a means of communicating information about hidden service names
(CVE-2014-5117).
References
- https://bugs.mageia.org/show_bug.cgi?id=13824
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5117
- https://lists.torproject.org/pipermail/tor-announce/2014-July/000093.html
- https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5117
SRPMS
3/core
- tor-0.2.4.23-1.mga3
4/core
- tor-0.2.4.23-1.mga4