This script is Copyright (C) 2015 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
Tor was updated to 0.2.4.27 to fix two security issues that could be
used by an attacker to crash hidden services, or crash clients
visiting hidden services. Hidden services should upgrade as soon as
The following security issues were fixed :
- A malicious client could trigger an assertion failure
and halt a hidden service. (CVE-2015-2928)
- A client could crash with an assertion failure when
parsing a malformed hidden service descriptor.
This release also backports a simple improvement to make hidden
services a bit less vulnerable to denial-of-service attacks :
- Introduction points no longer allow multiple INTRODUCE1
cells to arrive on the same circuit. This should make it
more expensive for attackers to overwhelm hidden
services with introductions.
See also :
Update the affected tor packages.
Risk factor :