Advisories » MGASA-2018-0161

Updated tor packages fix security vulnerabilities

Publication date: 07 Mar 2018
Modification date: 07 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0490 , CVE-2018-0491

Description

A protocol-list handling bug that could be used to remotely crash
directory authorities with a null-pointer exception (CVE-2018-0490).

A bug can be remotely triggered in order to crash relays with a
use-after-free pattern (CVE-2018-0491).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22690
• https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0490
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0491

SRPMS

6/core

• tor-0.2.9.15-1.mga6