MGASA-2014-0256

Source
https://advisories.mageia.org/MGASA-2014-0256.html
Import Source
https://advisories.mageia.org/MGASA-2014-0256.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0256
Published
2014-06-06T14:33:56Z
Modified
2022-01-22T02:45:17Z
Summary
Updated tor packages fix multiple vulnerabilities
Details

Update to version 0.2.4.22 which solves these major and security problems:

  • Block authority signing keys that were used on authorities vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160).

  • Fix a memory leak that could occur if a microdescriptor parse fails during the tokenizing step.

  • The relay ciphersuite list is now generated automatically based on uniform criteria, and includes all OpenSSL ciphersuites with acceptable strength and forward secrecy.

  • Relays now trust themselves to have a better view than clients of which TLS ciphersuites are better than others.

  • Clients now try to advertise the same list of ciphersuites as Firefox 28.

For other changes, see the upstream change log.

Affected packages

Mageia:3 / tor

Package

Name
tor
Purl
pkg:rpm/mageia/tor?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.4.22-1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / tor

Package

Name
tor
Purl
pkg:rpm/mageia/tor?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.2.4.22-1.mga4

Ecosystem specific

{
    "section": "core"
}