openSUSE Security Update : tor (openSUSE-2016-1526)

Medium Nessus Plugin ID 96174


The remote openSUSE host is missing a security update.


This update for tor updates to version and fixes the following issues :

- a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254)

- updated fallback directory list

- updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database.

- When Tor leaves standby because of a new application request, open circuits as needed to serve that request

- Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them


Update the affected tor packages.

See Also

Plugin Details

Severity: Medium

ID: 96174

File Name: openSUSE-2016-1526.nasl

Version: $Revision: 3.3 $

Type: local

Agent: unix

Published: 2016/12/29

Modified: 2018/01/26

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P


Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:tor, p-cpe:/a:novell:opensuse:tor-debuginfo, p-cpe:/a:novell:opensuse:tor-debugsource, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/12/28

Reference Information

CVE: CVE-2016-1254