Advisories » MGASA-2014-0256

Updated tor packages fix multiple vulnerabilities

Publication date: 06 Jun 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0160


Update to version which solves these major and security problems:

   - Block authority signing keys that were used on authorities
     vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160).

   - Fix a memory leak that could occur if a microdescriptor parse
     fails during the tokenizing step.

   - The relay ciphersuite list is now generated automatically based on
     uniform criteria, and includes all OpenSSL ciphersuites with
     acceptable strength and forward secrecy.

   - Relays now trust themselves to have a better view than clients of
     which TLS ciphersuites are better than others.

   - Clients now try to advertise the same list of ciphersuites as
     Firefox 28.

For other changes, see the upstream change log.