Advisories ยป MGASA-2014-0256

Updated tor packages fix multiple vulnerabilities

Publication date: 06 Jun 2014
Modification date: 22 Jan 2022
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0160

Description

Update to version 0.2.4.22 which solves these major and security problems:


   - Block authority signing keys that were used on authorities
     vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160).

   - Fix a memory leak that could occur if a microdescriptor parse
     fails during the tokenizing step.

   - The relay ciphersuite list is now generated automatically based on
     uniform criteria, and includes all OpenSSL ciphersuites with
     acceptable strength and forward secrecy.

   - Relays now trust themselves to have a better view than clients of
     which TLS ciphersuites are better than others.

   - Clients now try to advertise the same list of ciphersuites as
     Firefox 28.


For other changes see the upstream change log
                

References

SRPMS

3/core

4/core