advisories/28628.adv

type: security
subject: Updated tor packages fix security vulnerabilities
CVE:
 - CVE-2021-28089
 - CVE-2021-28090
src:
  7:
   core:
     - tor-0.3.5.14-1.mga7
  8:
   core:
     - tor-0.3.5.14-1.mga8
description: |
  The dump_desc() function that we used to dump unparseable information to disk,
  was called incorrectly in several places, in a way that could lead to excessive
  CPU usage (CVE-2021-28089).
  
  A bug in appending detached signatures to a pending consensus document could be
  used to crash a directory authority (CVE-2021-28090).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=28628
 - https://blog.torproject.org/node/2009
ID: MGASA-2021-0180
1	type: security
2	subject: Updated tor packages fix security vulnerabilities
3	CVE:
4	- CVE-2021-28089
5	- CVE-2021-28090
6	src:
7	7:
8	core:
9	- tor-0.3.5.14-1.mga7
10	8:
11	core:
12	- tor-0.3.5.14-1.mga8
13	description: \|
14	The dump_desc() function that we used to dump unparseable information to disk,
15	was called incorrectly in several places, in a way that could lead to excessive
16	CPU usage (CVE-2021-28089).
17
18	A bug in appending detached signatures to a pending consensus document could be
19	used to crash a directory authority (CVE-2021-28090).
20	references:
21	- https://bugs.mageia.org/show_bug.cgi?id=28628
22	- https://blog.torproject.org/node/2009
23	ID: MGASA-2021-0180