openSUSE Security Update : tor (openSUSE-SU-2014:0143-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- fixes potentially poor random number generation for
users who 1) use OpenSSL 1.0.0 or later, 2) set
'HardwareAccel 1' in their torrc file, 3) have 'Sandy
Bridge' or 'Ivy Bridge' Intel processors and 4) have no
state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden
service identity keys in such a situation should discard
them and generate new ones. No 2 is not the default
configuration for openSUSE. [bnc#859421] [CVE-2013-7295]

- added patches :

- tor-0.2.3.x-CVE-2013-7295.patch

See also :

http://lists.opensuse.org/opensuse-updates/2014-01/msg00095.html
https://bugzilla.novell.com/show_bug.cgi?id=859421

Solution :

Update the affected tor packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 75409 ()

Bugtraq ID:

CVE ID: CVE-2013-7295

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now