Advisories » MGASA-2014-0059

Updated tor package fixes security vulnerability

Publication date: 12 Feb 2014
Modification date: 19 Sep 2016
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-7295

Description

Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a
certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge
platforms, does not properly generate random numbers for relay identity
keys and hidden-service identity keys, which might make it easier for
remote attackers to bypass cryptographic protection mechanisms via
unspecified vectors (CVE-2013-7295).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12464
• http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7295

SRPMS

4/core

• tor-0.2.4.20-1.mga4

3/core

• tor-0.2.4.20-1.mga3