openSUSE Security Update : tor (openSUSE-2016-1526)

high Nessus Plugin ID 96174

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for tor updates to version 0.2.8.12 and fixes the following issues :

- a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254)

- updated fallback directory list

- updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.

- When Tor leaves standby because of a new application request, open circuits as needed to serve that request

- Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them

Solution

Update the affected tor packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1005292

https://bugzilla.opensuse.org/show_bug.cgi?id=1016343

Plugin Details

Severity: High

ID: 96174

File Name: openSUSE-2016-1526.nasl

Version: 3.5

Type: local

Agent: unix

Published: 12/29/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:42.2, p-cpe:/a:novell:opensuse:tor-debuginfo

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/28/2016

Reference Information

CVE: CVE-2016-1254