http://www.mandriva.com/en/
______________________________
Package : tor
Date : April 27, 2015
Affected: Business Server 1.0
______________________________
Problem Description:

Updated tor packages fix security vulnerabilities:

disgleirio discovered that a malicious client could trigger an
assertion failure in a Tor instance providing a hidden service,
thus rendering the service inaccessible (CVE-2015-2928).

DonnchaC discovered that Tor clients would crash with an assertion
failure upon parsing specially crafted hidden service descriptors
(CVE-2015-2929).

Introduction points would accept multiple INTRODUCE1 cells on one
circuit, making it inexpensive for an attacker to overload a hidden
service with introductions. Introduction points now no longer allow
multiple cells of that type on the same circuit.

The tor package has been updated to version 0.2.4.27, fixing these
issues.
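
A minimal model of the introduction-point change described above, added here as an illustration; it is not Tor source code, and every type and function name in it is hypothetical. It contrasts the earlier behaviour with the one-INTRODUCE1-per-circuit rule by counting how many introductions are relayed and how many circuits a client has to build.

```c
/* Illustrative model only, not Tor source; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
struct client_circuit { bool seen_introduce1; };   /* per-circuit state */
struct intro_stats { unsigned relayed, rejected; };

/* one_per_circuit=false: earlier behaviour; true: behaviour after the fix. */
bool handle_introduce1(struct client_circuit *c, bool one_per_circuit,
                       struct intro_stats *s)
{
    if (one_per_circuit && c->seen_introduce1) {
        s->rejected++;              /* second INTRODUCE1 on this circuit */
        return false;
    }
    c->seen_introduce1 = true;
    s->relayed++;                   /* introduction forwarded to the service */
    return true;
}

/* Send `cells` INTRODUCE1 cells down a single fresh circuit. */
struct intro_stats burst_on_one_circuit(unsigned cells, bool one_per_circuit)
{
    struct client_circuit c = { false };
    struct intro_stats s = { 0, 0 };
    for (unsigned i = 0; i < cells; i++)
        handle_introduce1(&c, one_per_circuit, &s);
    return s;
}

/* Circuits a client must build before `intros` introductions are relayed. */
unsigned circuits_needed(unsigned intros, bool one_per_circuit)
{
    struct intro_stats s = { 0, 0 };
    unsigned circuits = 0;
    while (s.relayed < intros) {
        struct client_circuit c = { false };   /* open a new circuit */
        circuits++;
        while (s.relayed < intros && handle_introduce1(&c, one_per_circuit, &s))
            ;
    }
    return circuits;
}

int main(void)
{
    struct intro_stats fixed = burst_on_one_circuit(100, true);
    printf("fixed: relayed=%u rejected=%u, circuits for 100 intros=%u\n",
           fixed.relayed, fixed.rejected, circuits_needed(100, true));
    return 0;
}
```

With the rule enabled, each relayed introduction costs the sender a full circuit build, which is the cost increase the advisory describes.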
______________________________
References:
http://cve.mitre.org/cgi-bin/
http://cve.mitre.org/cgi-bin/
http://advisories.mageia.org/
______________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
70a4fadaae5273088ee158e8933011
980397681a55a95f3610221c508b0b
______________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com