Advisories ยป MGASA-2014-0059

Updated tor package fixes security vulnerability

Publication date: 12 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7295

Description

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a
certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge
platforms, does not properly generate random numbers for relay identity
keys and hidden-service identity keys, which might make it easier for
remote attackers to bypass cryptographic protection mechanisms via
unspecified vectors (CVE-2013-7295).
                

References

SRPMS

3/core

4/core