openSUSE Security Update : tor (openSUSE-2015-300)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Tor was updated to fix two security issues that could be
used by an attacker to crash hidden services, or crash clients
visiting hidden services. Hidden services should upgrade as soon as

The following security issues were fixed :

- A malicious client could trigger an assertion failure
and halt a hidden service. (CVE-2015-2928)

- A client could crash with an assertion failure when
parsing a malformed hidden service descriptor.

This release also backports a simple improvement to make hidden
services a bit less vulnerable to denial-of-service attacks :

- Introduction points no longer allow multiple INTRODUCE1
cells to arrive on the same circuit. This should make it
more expensive for attackers to overwhelm hidden
services with introductions.

See also :

Solution :

Update the affected tor packages.

Risk factor :


Family: SuSE Local Security Checks

Nessus Plugin ID: 82754

Bugtraq ID:

CVE ID: CVE-2015-2928
