Advisories » MGASA-2020-0165

Updated tor packages fix security vulnerabilities

Publication date: 15 Apr 2020
Modification date: 15 Apr 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-10592 , CVE-2020-10593

Description

Updated tor package fixes security vulnerabilities:

Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service
(CPU consumption) (CVE-2020-10592).

Tor before 0.3.5.10 allows remote attackers to cause a Denial of Service
(memory leak). This occurs in circpad_setup_machine_on_circ because a
circuit-padding machine can be negotiated twice on the same circuit
(CVE-2020-10593).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26356
• https://blog.torproject.org/node/1855
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10592
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10593

SRPMS

7/core

• tor-0.3.5.10-1.mga7