openSUSE Security Update: Security update for tor ______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:3282-1 Rating: moderate References: #1005292 #1016343 Cross-References: CVE-2016-1254 Affected Products: openSUSE Leap 42.2 ______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.
This update for tor updates to version 0.2.8.12 and fixes the following issues:
- a hostile hidden service could cause tor clients to crash (boo#1016343, CVE-2016-1254) - updated fallback directory list - updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2 Country database. - When Tor leaves standby because of a new application request, open circuits as needed to serve that request - Clients now respond to new application stream requests immediately when they arrive, rather than waiting up to one second before starting to handle them
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2016-1526=1
To bring your system up-to-date, use "zypper patch".
- openSUSE Leap 42.2 (i586 x86_64):
tor-0.2.8.12-3.1 tor-debuginfo-0.2.8.12-3.1 tor-debugsource-0.2.8.12-3.1