- CVEs with nessus.description==Updated tor packages fix multiple vulnerabilities :
Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a
certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge
platforms, does not properly generate random numbers for relay
identity keys and hidden-service identity keys, which might make it
easier for remote attackers to bypass cryptographic protection
mechanisms via unspecified vectors (CVE-2013-7295).
The update to version 0.2.4.22 fixes these major and security problems:
- Block authority signing keys that were used on
authorities vulnerable to the Heartbleed bug in OpenSSL
(CVE-2014-0160).
- Fix a memory leak that could occur if a microdescriptor
parse fails during the tokenizing step.
- The relay ciphersuite list is now generated
automatically based on uniform criteria, and includes
all OpenSSL ciphersuites with acceptable strength and
forward secrecy.
- Relays now trust themselves to have a better view than
clients of which TLS ciphersuites are better than
others.
- Clients now try to advertise the same list of
ciphersuites as Firefox 28.
For other changes, see the upstream change log.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |