[ MDVSA-2015:205 ] tor

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:205
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : tor
 Date    : April 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated tor packages fix security vulnerabilities:
 
 disgleirio discovered that a malicious client could trigger an
 assertion failure in a Tor instance providing a hidden service,
 thus rendering the service inaccessible (CVE-2015-2928).
 
 DonnchaC discovered that Tor clients would crash with an assertion
 failure upon parsing specially crafted hidden service descriptors
 (CVE-2015-2929).
 
 Introduction points would accept multiple INTRODUCE1 cells on one
 circuit, making it inexpensive for an attacker to overload a hidden
 servi

007 Software

Leave a Reply Cancel reply

Software and Security Information