Security update for tor
This update for tor fixes the following issues:
Updating tor to a newer version in the respective codestream.
- tor 0.3.5.12:
* Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
* Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
* Fix DoS defenses on bridges with a pluggable transport
* CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
* CVE-2020-10593: circuit padding memory leak (boo#1167014)
- tor 0.4.4.6
* Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
* Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979)
* Fix logrotate to not fail when tor is stopped (boo#1164275)
-
Submitted by
Bernhard Wiedemann (bmwiedemann)
Fixed bugs
bnc#1167013
VUL-0: CVE-2020-10592: tor: CPU consumption DoS and timing patterns (TROVE-2020-002)
bnc#1164275
logrotate.service fails to start (in relation to tor.service)
bnc#1173979
VUL-0: CVE-2020-15572: tor: out-of-bound memory access when built with NSS support
bnc#1167014
VUL-0: CVE-2020-10593: tor: circuit padding memory leak (TROVE-2020-004)
bnc#1178741
VUL-0: tor: ed25519 identity not checked when competing a channel (TROVE-2020-005)
