Advisories ยป MGASA-2016-0356

Updated tor packages fix security vulnerability

Publication date: 25 Oct 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-8860

Description

It has been discovered that Tor treats the contents of some buffer chunks
as if they were a NUL-terminated string. This issue could enable a remote
attacker to crash a Tor client, hidden service, relay, or authority
(CVE-2016-8860).

The tor package has been updated to version 0.2.8.9, which fixes this
issue and several other bugs, including other security issues fixed in
0.2.8.6.  See the release announcements for details.
                

References

SRPMS

5/core