openSUSE Security Update : tor (openSUSE-SU-2014:0719-1) (Heartbleed)

High Nessus Plugin ID 75376

VPR Score: 7.4

Synopsis

The remote openSUSE host is missing a security update.

Description

- tor 0.2.4.22 [bnc#878486]: Tor was updated to the recommended version of the 0.2.4.x series.

- major features in 0.2.4.x:
  - improved client resilience
  - support better link encryption with forward secrecy
  - new NTor circuit handshake
  - change relay queue for circuit create requests from size-based limit to time-based limit
  - many bug fixes and minor features

- changes contained in 0.2.4.22: Backports numerous high-priority fixes. These include blocking all authority signing keys that may have been affected by the OpenSSL 'heartbleed' bug, choosing a far more secure set of TLS ciphersuites by default, and closing a couple of memory leaks that could be used to run a target relay out of RAM.
  - Major features (security):
    - Block authority signing keys that were used on authorities vulnerable to the 'heartbleed' bug in OpenSSL (CVE-2014-0160).
  - Major bugfixes (security, OOM):
    - Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step.
  - Major bugfixes (TLS cipher selection):
    - The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy.
    - Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others.
    - Clients now try to advertise the same list of ciphersuites as Firefox 28.

- includes changes from 0.2.4.21: Further improves security against potential adversaries who find breaking 1024-bit crypto doable, and backports several stability and robustness patches from the 0.2.5 branch.
  - Major features (client security):
    - When we choose a path for a 3-hop circuit, make sure it contains at least one relay that supports the NTor circuit extension handshake. Otherwise, there is a chance that we're building a circuit that's worth attacking by an adversary who finds breaking 1024-bit crypto doable, and that chance changes the game theory.
  - Major bugfixes:
    - Do not treat streams that fail with reason END_STREAM_REASON_INTERNAL as indicating a definite circuit failure, since it could also indicate an ENETUNREACH connection error.

- includes changes from 0.2.4.20:
  - Do not allow OpenSSL engines to replace the PRNG, even when HardwareAccel is set.
  - Fix assertion failure when AutomapHostsOnResolve yields an IPv6 address.
  - Avoid launching spurious extra circuits when a stream is pending.

- packaging changes:
  - remove init script shadowing systemd unit
  - general cleanup
  - Add tor-fw-helper for UPnP port forwarding; not used by default
  - fix logrotate on systemd-only setups without init scripts, work tor-0.2.2.37-logrotate.patch to tor-0.2.4.x-logrotate.patch
  - verify source tarball signature

Solution

Update the affected tor packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=878486

https://lists.opensuse.org/opensuse-updates/2014-05/msg00079.html

Plugin Details

Severity: High

ID: 75376

File Name: openSUSE-2014-398.nasl

Version: 1.7

Type: local

Agent: unix

Published: 2014/06/13

Updated: 2021/01/19

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debuginfo, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:12.3, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/05/20

Vulnerability Publication Date: 2014/04/07

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-0160