|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0312 (tor)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0312: Updated tor package fixes security vulnerability 


Date:
    	      Tue, 5 Aug 2014 22:09:03 +0200


Message-ID:
    	      <20140805200903.915805C9FB@valstar.mageia.org>


MGASA-2014-0312 - Updated tor package fixes security vulnerability

Publication date: 05 Aug 2014
URL: http://advisories.mageia.org/MGASA-2014-0312.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-5117

Description:
Tor before 0.2.4.23 maintains a circuit after an inbound RELAY_EARLY cell is
received by a client, which makes it easier for remote attackers to conduct
traffic-confirmation attacks by using the pattern of RELAY and RELAY_EARLY
cells as a means of communicating information about hidden service names
(CVE-2014-5117).

References:
- https://bugs.mageia.org/show_bug.cgi?id=13824
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-...
- https://lists.torproject.org/pipermail/tor-announce/2014-...
- https://blog.torproject.org/blog/tor-security-advisory-re...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5117

SRPMS:
- 4/core/tor-0.2.4.23-1.mga4
- 3/core/tor-0.2.4.23-1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds