Advisories ยป MGASA-2017-0008

Updated tor package fixes security vulnerability

Publication date: 06 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1254

Description

It was discovered that Tor, a connection-based low-latency anonymous
communication system, may read one byte past a buffer when parsing
hidden service descriptors. This issue may enable a hostile hidden
service to crash Tor clients depending on hardening options and malloc
implementation (CVE-2016-1254).
                

References

SRPMS

5/core