openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)

high Nessus Plugin ID 75376

Synopsis

The remote openSUSE host is missing a security update.

Description

- tor 0.2.4.22 [bnc#878486]: Tor was updated to the recommended version of the 0.2.4.x series.

- major features in 0.2.4.x:
  - improved client resilience
  - support better link encryption with forward secrecy
  - new NTor circuit handshake
  - change relay queue for circuit create requests from size-based limit to time-based limit
  - many bug fixes and minor features

- changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL 'heartbleed' bug, choosing a far more secure set of TLS ciphersuites by default, and closing a couple of memory leaks that could be used to run a target relay out of RAM.
  - Major features (security):
    - Block authority signing keys that were used on authorities vulnerable to the 'heartbleed' bug in OpenSSL (CVE-2014-0160).
  - Major bugfixes (security, OOM):
    - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step.
  - Major bugfixes (TLS cipher selection):
    - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy.
    - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others.
    - Clients now try to advertise the same list of ciphersuites as Firefox 28.

- includes changes from 0.2.4.21: Further improves security against potential adversaries who find breaking 1024-bit crypto doable, and backports several stability and robustness patches from the 0.2.5 branch.
  - Major features (client security):
    - When we choose a path for a 3-hop circuit, make sure it contains at least one relay that supports the NTor circuit extension handshake. Otherwise, there is a chance that we're building a circuit that's worth attacking by an adversary who finds breaking 1024-bit crypto doable, and that chance changes the game theory.
  - Major bugfixes:
    - Do not treat streams that fail with reason END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, since it could also indicate an ENETUNREACH connection error.

- includes changes from 0.2.4.20:
  - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set.
  - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 address.
  - Avoid launching spurious extra circuits when a stream is pending.

- packaging changes:
  - remove init script shadowing systemd unit
  - general cleanup
  - Add tor-fw-helper for UPnP port forwarding; not used by default
  - fix logrotate on systemd-only setups without init scripts, work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch
  - verify source tarball signature

Solution

Update the affected tor packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=878486

https://lists.opensuse.org/opensuse-updates/2014-05/msg00079.html

Plugin Details

Severity: High

ID: 75376

File Name: openSUSE-2014-398.nasl

Version: 1.7

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.2

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debuginfo, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/20/2014

Vulnerability Publication Date: 4/7/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160