Mageia alert MGASA-2017-0353 (tor) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2017-0353: Updated tor packages fix security vulnerability 
Date:
    	       Thu, 21 Sep 2017 15:44:14 +0200
Message-ID:
    	       <20170921134414.D3D069F88E@duvel.mageia.org>
MGASA-2017-0353 - Updated tor packages fix security vulnerability

Publication date: 21 Sep 2017
URL: https://advisories.mageia.org/MGASA-2017-0353.html
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-0380

Description:
Due to the code that reports an error during the construction of an
introduction point circuit, it is possible that some hidden services
will sometimes write sensitive information into their logs if the
SafeLogging option is disabled.  Note that SafeLogging is enabled by
default (CVE-2017-0380).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21740
- https://lists.torproject.org/pipermail/tor-talk/2017-Sept...
-
https://blog.torproject.org/new-tor-stable-releases-02815...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0380

SRPMS:
- 5/core/tor-0.2.8.15-1.mga5
- 6/core/tor-0.2.9.12-1.mga6

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2017-0353: Updated tor packages fix security vulnerability
Date:		Thu, 21 Sep 2017 15:44:14 +0200
Message-ID:		<20170921134414.D3D069F88E@duvel.mageia.org>