Updated tor packages fix security vulnerability
Publication date: 25 Oct 2016
Modification date: 25 Oct 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-8860
Description
It has been discovered that Tor treats the contents of some buffer chunks
as if they were a NUL-terminated string. This issue could enable a remote
attacker to crash a Tor client, hidden service, relay, or authority
(CVE-2016-8860).
The tor package has been updated to version 0.2.8.9, which fixes this
issue and several other bugs, including other security issues fixed in
0.2.8.6. See the release announcements for details.
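The bug class described above, shown as an added illustration (not code from Tor or from this advisory): chunk_t, find_unbounded and find_bounded are hypothetical names, and the sample bytes are constructed. A search that relies on NUL termination reads past the chunk's valid length, while a length-bounded search does not.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical length-delimited chunk; not Tor's actual structure. */
typedef struct {
    size_t datalen;   /* number of valid bytes in mem */
    char   mem[32];   /* backing storage, no NUL guaranteed at datalen */
} chunk_t;

/* Flawed pattern: strstr() ignores datalen and scans until it meets a NUL. */
static long find_unbounded(const chunk_t *c, const char *needle) {
    const char *p = strstr(c->mem, needle);
    return p ? (long)(p - c->mem) : -1;
}

/* Bounded pattern: never touches bytes at or beyond datalen. */
static long find_bounded(const chunk_t *c, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0) return 0;
    if (n > c->datalen) return -1;
    for (size_t i = 0; i + n <= c->datalen; i++)
        if (memcmp(c->mem + i, needle, n) == 0)
            return (long)i;
    return -1;
}

/* Constructed sample: 8 valid bytes followed by stale bytes left over from
 * an earlier use of the same storage. The zero fill keeps this demo inside
 * the array; without a NUL the unbounded scan would leave the allocation. */
static chunk_t make_sample(void) {
    chunk_t c;
    memset(c.mem, 0, sizeof c.mem);
    memcpy(c.mem, "GET /ind" "ex\r\n\r\nstale", 19);
    c.datalen = 8;
    return c;
}

int main(void) {
    chunk_t c = make_sample();
    printf("unbounded: %ld\n", find_unbounded(&c, "\r\n\r\n"));
    printf("bounded:   %ld\n", find_bounded(&c, "\r\n\r\n"));
    return 0;
}
```

The unbounded search reports a match at offset 10, which lies beyond the 8 valid bytes; the bounded search reports no match.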
References
- https://bugs.mageia.org/show_bug.cgi?id=19145
- https://blog.torproject.org/blog/tor-0286-released
- https://blog.torproject.org/blog/tor-0287-released-important-fixes
- https://blog.torproject.org/blog/tor-0288-released-important-fixes
- https://blog.torproject.org/blog/tor-0289-released-important-fixes
- https://www.debian.org/security/2016/dsa-3694
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860
SRPMS
5/core
- tor-0.2.8.9-1.mga5