Advisories » MGASA-2017-0353

Updated tor packages fix security vulnerability

Publication date: 21 Sep 2017
Modification date: 21 Sep 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-0380

Description

Due to the code that reports an error during the construction of an
introduction point circuit, it is possible that some hidden services
will sometimes write sensitive information into their logs if the
SafeLogging option is disabled.  Note that SafeLogging is enabled by
default (CVE-2017-0380).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21740
• https://lists.torproject.org/pipermail/tor-talk/2017-September/043585.html
• https://blog.torproject.org/new-tor-stable-releases-02815-02912-03011-fix-onion-service-security-issue
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0380

SRPMS

5/core

• tor-0.2.8.15-1.mga5

6/core

• tor-0.2.9.12-1.mga6