Bug 1167014 - (CVE-2020-10593) VUL-0: CVE-2020-10593: tor: circuit padding memory leak (TROVE-2020-004)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.1
Hardware: Other Other
Priority: P3 - Medium, Severity: Normal
Assigned To: Bernhard Wiedemann
QA Contact: Security Team bot
Reported: 2020-03-18 17:39 UTC by Andreas Stieger
Modified: 2020-11-19 20:27 UTC (History)

Description Andreas Stieger 2020-03-18 17:39:32 UTC
https://lists.torproject.org/pipermail/tor-announce/2020-March/000196.html

  o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha):
    - Avoid a remotely triggered memory leak in the case that a circuit
      padding machine is somehow negotiated twice on the same circuit.
      Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls.
      This is also tracked as TROVE-2020-004 and CVE-2020-10593.

Fixed in 0.3.5.10, 0.4.1.9, and 0.4.2.7.
Comment 1 Swamp Workflow Management 2020-03-20 20:30:11 UTC
This is an autogenerated message for OBS integration:
This bug (1167014) was mentioned in
https://build.opensuse.org/request/show/786984 15.2 / tor
Comment 2 Swamp Workflow Management 2020-03-24 05:40:13 UTC
This is an autogenerated message for OBS integration:
This bug (1167014) was mentioned in
https://build.opensuse.org/request/show/787624 15.1 / tor
Comment 3 Bernhard Wiedemann 2020-03-24 21:02:49 UTC
https://build.opensuse.org/request/show/786716 updated Factory / tor

So all maintained openSUSE versions now got the update.
Comment 4 Swamp Workflow Management 2020-03-29 22:15:41 UTC
openSUSE-SU-2020:0406-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1167013,1167014
CVE References: CVE-2020-10592,CVE-2020-10593
Sources used:
openSUSE Leap 15.1 (src):    tor-0.3.5.10-lp151.2.3.1
Comment 5 Swamp Workflow Management 2020-03-31 16:36:40 UTC
openSUSE-SU-2020:0428-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1167013,1167014
CVE References: CVE-2020-10592,CVE-2020-10593
Sources used:
openSUSE Backports SLE-15-SP1 (src):    tor-0.3.5.10-bp151.3.3.1
Comment 6 OBSbugzilla Bot 2020-11-13 12:50:17 UTC
This is an autogenerated message for OBS integration:
This bug (1167014) was mentioned in
https://build.opensuse.org/request/show/848334 15.1+15.2+Backports:SLE-12+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / tor
Comment 7 Swamp Workflow Management 2020-11-19 20:25:07 UTC
openSUSE-SU-2020:1970-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1164275,1167013,1167014,1173979,1178741
CVE References: CVE-2020-10592,CVE-2020-10593,CVE-2020-15572
JIRA References: 
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    tor-0.3.5.12-25.1
Comment 8 Swamp Workflow Management 2020-11-19 20:27:37 UTC
openSUSE-SU-2020:1970-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1164275,1167013,1167014,1173979,1178741
CVE References: CVE-2020-10592,CVE-2020-10593,CVE-2020-15572
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    tor-0.4.4.6-lp152.2.3.1
openSUSE Leap 15.1 (src):    tor-0.3.5.12-lp151.2.6.1
openSUSE Backports SLE-15-SP2 (src):    tor-0.4.4.6-bp152.2.3.1
openSUSE Backports SLE-15-SP1 (src):    tor-0.3.5.12-bp151.3.6.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    tor-0.3.5.12-25.1