Advisories ยป MGASA-2014-0312

Updated tor package fixes security vulnerability

Publication date: 05 Aug 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-5117

Description

Tor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is
received by a client, which makes it easier for remote attackers to conduct
traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY
cells as a means of communicating information about hidden service names
(CVE-2014-5117).
                

References

SRPMS

3/core

4/core