Detections
Analytics

openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)

high Nessus Plugin ID 75376

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

- tor 0.2.4.22 [bnc#878486] Tor was updated to the recommended version of the 0.2.4.x series.

 - major features in 0.2.4.x :

 - improved client resilience

 - support better link encryption with forward secrecy

 - new NTor circuit handshake

 - change relay queue for circuit create requests from size-based limit to time-based limit

 - many bug fixes and minor features

 - changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL 'heartbleed' bug, choosing a far more secure set of TLS ciphersuites by default, closing a couple of memory leaks that could be used to run a target relay out of RAM.

 - Major features (security)

 - Block authority signing keys that were used on authorities vulnerable to the 'heartbleed' bug in OpenSSL (CVE-2014-0160).

 - Major bugfixes (security, OOM) :

 - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step.

 - Major bugfixes (TLS cipher selection) :

 - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy.

 - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others.

 - Clients now try to advertise the same list of ciphersuites as Firefox 28.

 - includes changes from 0.2.4.21: Further improves security against potential adversaries who find breaking 1024-bit crypto doable, and backports several stability and robustness patches from the 0.2.5 branch.

 - Major features (client security) :

 - When we choose a path for a 3-hop circuit, make sure it contains at least one relay that supports the NTor circuit extension handshake. Otherwise, there is a chance that we're building a circuit that's worth attacking by an adversary who finds breaking 1024-bit crypto doable, and that chance changes the game theory.

 - Major bugfixes :

 - Do not treat streams that fail with reason END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, since it could also indicate an ENETUNREACH connection error

 - includes changes from 0.2.4.20 :

 - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set.

 - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 address.

 - Avoid launching spurious extra circuits when a stream is pending.

 - packaging changes :

 - remove init script shadowing systemd unit

 - general cleanup

 - Add tor-fw-helper for UPnP port forwarding; not used by default

 - fix logrotate on systemd-only setups without init scripts, work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch

 - verify source tarball signature

Solution

Update the affected tor packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=878486

https://lists.opensuse.org/opensuse-updates/2014-05/msg00079.html

Plugin Details

Severity: High

ID: 75376

File Name: openSUSE-2014-398.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/13/2014

Updated: 5/5/2022

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: cpe:/o:novell:opensuse:12.3, p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:tor-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2014

Vulnerability Publication Date: 4/7/2014

CISA Known Exploited Vulnerability Due Dates: 5/25/2022

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160