Mailinglist Archive: opensuse-updates (108 mails)

< Previous Next >
openSUSE-SU-2014:0143-1: moderate: update for tor
openSUSE Security Update: update for tor
______________________________________________________________________________

Announcement ID: openSUSE-SU-2014:0143-1
Rating: moderate
References: #859421
Cross-References: CVE-2013-7295
Affected Products:
openSUSE 13.1
openSUSE 12.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:


- fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set
"HardwareAccel 1" in their torrc file, 3) have "Sandy
Bridge" or "Ivy Bridge" Intel processors and 4) have no
state file in their DataDirectory (as would happen on
first start). Users who generated relay or hidden
service identity keys in such a situation should discard
them and generate new ones. No 2 is not the default
configuration for openSUSE. [bnc#859421] [CVE-2013-7295]
- added patches:
* tor-0.2.3.x-CVE-2013-7295.patch


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.1:

zypper in -t patch openSUSE-2014-86

- openSUSE 12.3:

zypper in -t patch openSUSE-2014-86

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.1 (i586 x86_64):

tor-0.2.3.25-5.4.1
tor-debuginfo-0.2.3.25-5.4.1
tor-debugsource-0.2.3.25-5.4.1

- openSUSE 12.3 (i586 x86_64):

tor-0.2.3.25-2.4.1
tor-debuginfo-0.2.3.25-2.4.1
tor-debugsource-0.2.3.25-2.4.1


References:

http://support.novell.com/security/cve/CVE-2013-7295.html
https://bugzilla.novell.com/859421


< Previous Next >
This Thread
  • No further messages