openSUSE Security Update : tor (openSUSE-SU-2012:1278-1)
Medium Nessus Plugin ID 74768
SynopsisThe remote openSUSE host is missing a security update.
Description- update to 0.2.2.39 [bnc#780620] Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes :
- Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object (CVE-2012-4922).
- Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients (CVE-2012-4419).
SolutionUpdate the affected tor packages.