Security update for tor
This update to tor 0.2.9.11 fixes the following vulnerabilities:
- CVE-2017-0375: remotely triggerable assertion failure when a hidden service handles a malformed BEGIN cell (bsc#1043455)
- CVE-2017-0376: remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a hidden service rendezvous circuit (bsc#1043456)
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1043455
VUL-0: CVE-2017-0375: tor: hidden service assertion through malformed BEGIN cell (TROVE-2017-004)
bnc#1043456
VUL-0: CVE-2017-0376: tor: hidden service assertion through BEGIN_DIR cell on rendezvous circuit (TROVE-2017-005)
