Updated tor package fixes security vulnerability
Publication date: 06 Jan 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1254
Description
It was discovered that Tor, a connection-based low-latency anonymous communication system, may read one byte past a buffer when parsing hidden service descriptors. This issue may enable a hostile hidden service to crash Tor clients depending on hardening options and malloc implementation (CVE-2016-1254).
References
SRPMS
5/core
- tor-0.2.8.12-1.mga5