Updated tor packages fix security vulnerabilities
Publication date: 15 Apr 2020Modification date: 15 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10592 , CVE-2020-10593
Description
Updated tor package fixes security vulnerabilities: Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service (CPU consumption) (CVE-2020-10592). Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service (memory leak). This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit (CVE-2020-10593).
References
SRPMS
7/core
- tor-0.3.5.10-1.mga7