Overview

File _patchinfo of Package patchinfo.16854

<patchinfo incident="16854">
  <issue tracker="bnc" id="1189489">VUL-0: CVE-2021-38385: tor: assertion failure in signature verification</issue>
  <issue tracker="cve" id="2021-38385"/>
  <packager>bmwiedemann</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for tor</summary>
  <description>This update for tor fixes the following issues:

tor 0.4.6.7:

* Fix a DoS via a remotely triggerable assertion failure
  (boo#1189489, TROVE-2021-007, CVE-2021-38385)

tor 0.4.6.6:

* Enable the deterministic RNG for unit tests that covers the
  address set bloomfilter-based API's

tor 0.4.6.5

* Add controller support for creating v3 onion services with
  client auth
* When voting on a relay with a Sybil-like appearance, add the
  Sybil flag when clearing out the other flags. This lets a relay
  operator know why their relay hasn't been included in the
  consensus
* Relays now report how overloaded they are
* Add a new DoS subsystem to control the rate of client
  connections for relays
* Relays now publish statistics about v3 onions services
* Improve circuit timeout algorithm for client performance
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places