openSUSE Security Update : tor (openSUSE-2021-316)

medium Nessus Plugin ID 146750

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for tor fixes the following issues :

tor was updated to 0.4.5.6 :

- https://lists.torproject.org/pipermail/tor-announce/2021-February/000214.html

 - Introduce a new MetricsPort HTTP interface

 - Support IPv6 in the torrc Address option

 - Add event-tracing library support for USDT and LTTng-UST

 - Try to read N of N bytes on a TLS connection

tor was updated to 0.4.4.7 :

- https://blog.torproject.org/node/1990

 - Stop requiring a live consensus for v3 clients and services

 - Re-entry into the network is now denied at the Exit level

 - Fix undefined behavior on our Keccak library

 - Strip '\r' characters when reading text files on Unix platforms

 - Handle partial SOCKS5 messages correctly

 - Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)

Solution

Update the affected tor packages.

See Also

https://blog.torproject.org/node/1990

https://bugzilla.opensuse.org/show_bug.cgi?id=1178741

http://www.nessus.org/u?52835b08

Plugin Details

Severity: Medium

ID: 146750

File Name: openSUSE-2021-316.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/22/2021

Updated: 2/22/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: Medium

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debuginfo, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/20/2021

Vulnerability Publication Date: 2/20/2021