User: Password:
|
|
Subscribe / Log in / New account

openSUSE alert openSUSE-SU-2014:0143-1 (tor)

From:  opensuse-security@opensuse.org
To:  opensuse-updates@opensuse.org
Subject:  openSUSE-SU-2014:0143-1: moderate: update for tor
Date:  Tue, 28 Jan 2014 13:04:41 +0100 (CET)
Message-ID:  <20140128120441.F1F2232163@maintenance.suse.de>

openSUSE Security Update: update for tor ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:0143-1 Rating: moderate References: #859421 Cross-References: CVE-2013-7295 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - fixes potentially poor random number generation for users who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors and 4) have no state file in their DataDirectory (as would happen on first start). Users who generated relay or hidden service identity keys in such a situation should discard them and generate new ones. No 2 is not the default configuration for openSUSE. [bnc#859421] [CVE-2013-7295] - added patches: * tor-0.2.3.x-CVE-2013-7295.patch Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-86 - openSUSE 12.3: zypper in -t patch openSUSE-2014-86 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): tor-0.2.3.25-5.4.1 tor-debuginfo-0.2.3.25-5.4.1 tor-debugsource-0.2.3.25-5.4.1 - openSUSE 12.3 (i586 x86_64): tor-0.2.3.25-2.4.1 tor-debuginfo-0.2.3.25-2.4.1 tor-debugsource-0.2.3.25-2.4.1 References: http://support.novell.com/security/cve/CVE-2013-7295.html https://bugzilla.novell.com/859421


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds