Mageia alert MGASA-2016-0356 (tor) [LWN.net]

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2016-0356: Updated tor packages fix security vulnerability 
Date:
    	       Wed, 26 Oct 2016 01:12:12 +0200
Message-ID:
    	       <20161025231212.19C169F7A5@duvel.mageia.org>
MGASA-2016-0356 - Updated tor packages fix security vulnerability

Publication date: 25 Oct 2016
URL: http://advisories.mageia.org/MGASA-2016-0356.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-8860

Description:
It has been discovered that Tor treats the contents of some buffer chunks
as if they were a NUL-terminated string. This issue could enable a remote
attacker to crash a Tor client, hidden service, relay, or authority
(CVE-2016-8860).

The tor package has been updated to version 0.2.8.9, which fixes this
issue and several other bugs, including other security issues fixed in
0.2.8.6.  See the release announcements for details.

References:
- https://bugs.mageia.org/show_bug.cgi?id=19145
- https://blog.torproject.org/blog/tor-0286-released
- https://blog.torproject.org/blog/tor-0287-released-import...
- https://blog.torproject.org/blog/tor-0288-released-import...
- https://blog.torproject.org/blog/tor-0289-released-import...
- https://www.debian.org/security/2016/dsa-3694
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860

SRPMS:
- 5/core/tor-0.2.8.9-1.mga5

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2016-0356: Updated tor packages fix security vulnerability
Date:		Wed, 26 Oct 2016 01:12:12 +0200
Message-ID:		<20161025231212.19C169F7A5@duvel.mageia.org>