http://bugzilla.opensuse.org/show_bug.cgi?id=1167013 Bug ID: 1167013 Summary: VUL-0: CVE-2020-10592: tor: CPU consumption DoS and timing patterns (TROVE-2020-002) Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: bwiedemann@suse.com Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de Found By: --- Blocker: --- https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): - Fix a denial-of-service bug that could be used by anyone to consume a bunch of CPU on any Tor relay or authority, or by directories to consume a bunch of CPU on clients or hidden services. Because of the potential for CPU consumption to introduce observable timing patterns, we are treating this as a high-severity security issue. Fixes bug 33119; bugfix on 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue as TROVE-2020-002 and CVE-2020-10592. Fixed in 0.3.5.10, 0.4.1.9, and 0.4.2.7. -- You are receiving this mail because: You are on the CC list for the bug.