Security update for tor SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0600-1 Final 1 1 2015-03-25T08:13:22Z current 2015-03-25T08:13:22Z 2015-03-25T08:13:22Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for tor Tor was updated to 0.2.4.26 to fix several security issues: The release: Contains several medium-level security fixes for relays and exit nodes and also updates the list of directory authorities. * Directory authority updates * relay crashes trough assertion (CVE-2015-2688) * exit node crash through assertion under high DNS load (CVE-2015-2689) * update geoip/geoip6 to the March 3 2015 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-03/msg00079.html E-Mail link for openSUSE-SU-2015:0600-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings tor-0.2.4.26-5.26.1 buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. CVE-2015-2688 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00079.html https://www.suse.com/security/cve/CVE-2015-2688.html CVE-2015-2688 https://bugzilla.suse.com/923284 SUSE Bug 923284 Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. CVE-2015-2689 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-03/msg00079.html https://www.suse.com/security/cve/CVE-2015-2689.html CVE-2015-2689 https://bugzilla.suse.com/923284 SUSE Bug 923284