1 |
type: security |
2 |
subject: Updated tor packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2021-28089 |
5 |
- CVE-2021-28090 |
6 |
src: |
7 |
7: |
8 |
core: |
9 |
- tor-0.3.5.14-1.mga7 |
10 |
8: |
11 |
core: |
12 |
- tor-0.3.5.14-1.mga8 |
13 |
description: | |
14 |
The dump_desc() function that we used to dump unparseable information to disk, |
15 |
was called incorrectly in several places, in a way that could lead to excessive |
16 |
CPU usage (CVE-2021-28089). |
17 |
|
18 |
A bug in appending detached signatures to a pending consensus document could be |
19 |
used to crash a directory authority (CVE-2021-28090). |
20 |
references: |
21 |
- https://bugs.mageia.org/show_bug.cgi?id=28628 |
22 |
- https://blog.torproject.org/node/2009 |
23 |
ID: MGASA-2021-0180 |