Detections
Analytics

openSUSE Security Update : tor (openSUSE-SU-2014:0975-1)

medium Nessus Plugin ID 77136

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

- Tor 0.2.4.23 [bnc#889688] [CVE-2014-5117] Slows down the risk from guard rotation and backports several important fixes from the Tor 0.2.5 alpha release series.

 - Major features :

 - Clients now look at the 'usecreatefast' consensus parameter to decide whether to use CREATE_FAST or CREATE cells for the first hop of their circuit. This approach can improve security on connections where Tor's circuit handshake is stronger than the available TLS connection security levels, but the tradeoff is more computational load on guard relays.

 - Make the number of entry guards configurable via a new NumEntryGuards consensus parameter, and the number of directory guards configurable via a new NumDirectoryGuards consensus parameter.

 - Major bugfixes :

 - Fix a bug in the bounds-checking in the 32-bit curve25519-donna implementation that caused incorrect results on 32-bit implementations when certain malformed inputs were used along with a small class of private ntor keys.

 - Minor bugfixes :

 - Warn and drop the circuit if we receive an inbound 'relay early' cell.

 - Correct a confusing error message when trying to extend a circuit via the control protocol but we don't know a descriptor or microdescriptor for one of the specified relays.

 - Avoid an illegal read from stack when initializing the TLS module using a version of OpenSSL without all of the ciphers used by the v2 link handshake.

Solution

Update the affected tor packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=889688

https://lists.opensuse.org/opensuse-updates/2014-08/msg00006.html

Plugin Details

Severity: Medium

ID: 77136

File Name: openSUSE-2014-492.nasl

Version: 1.4

Type: local

Agent: unix

Published: 8/12/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debuginfo, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/31/2014

Reference Information

CVE: CVE-2014-5117