[Bug 1205307] New: VUL-1: tor: 0.4.7.11 additional defenses against a network wide DoS (TROVE-2021-009)
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 Bug ID: 1205307 Summary: VUL-1: tor: 0.4.7.11 additional defenses against a network wide DoS (TROVE-2021-009) Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: Andreas.Stieger@gmx.de Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de CC: bwiedemann@suse.com Found By: --- Blocker: --- https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes fixed in tor 0.4.7.11 [...] This version contains several major fixes aimed at helping defend against network denial of service. [...] We strongly recommend to upgrade to this version especially for Exit relays in order to help the network defend against this ongoing DDoS. [...] o Major bugfixes (relay): - Improve security of our DNS cache by randomly clipping the TTL value. TROVE-2021-009. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 http://bugzilla.opensuse.org/show_bug.cgi?id=1205307#c1 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CONFIRMED Assignee|Andreas.Stieger@gmx.de |bwiedemann@suse.com --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> --- https://build.opensuse.org/request/show/1035139 https://build.opensuse.org/request/show/1035140 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |IN_PROGRESS Assignee|bwiedemann@suse.com |security-team@suse.de -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 http://bugzilla.opensuse.org/show_bug.cgi?id=1205307#c2 --- Comment #2 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1205307) was mentioned in https://build.opensuse.org/request/show/1035228 Factory / tor -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 http://bugzilla.opensuse.org/show_bug.cgi?id=1205307#c3 --- Comment #3 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> --- This is an autogenerated message for OBS integration: This bug (1205307) was mentioned in https://build.opensuse.org/request/show/1035443 Backports:SLE-15-SP5 / tor -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1205307 http://bugzilla.opensuse.org/show_bug.cgi?id=1205307#c5 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> --- Done -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com