Security update for tor
This update for tor updates to version 0.2.8.12 and fixes the following
issues:
- a hostile hidden service could cause tor clients to crash (boo#1016343,
CVE-2016-1254)
- updated fallback directory list
- updated geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
Country database.
- When Tor leaves standby because of a new application request, open circuits
as needed to serve that request
- Clients now respond to new application stream requests immediately when they
arrive, rather than waiting up to one second before starting to handle them
- Submitted by Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1016343
VUL-0: CVE-2016-1254: tor: remote DOS against clients (TROVE-2016-12-002)
bnc#1005292
VUL-0: CVE-2016-8860: tor: out-of-bounds read on buffer chunks (TROVE-2016-10-001)