SUSE 5052 Published by

A tor security update has been released for SUSE Linux Enterprise 15 SP4 and 5.

openSUSE-SU-2023:0361-1: moderate: Security update for tor

openSUSE Security Update: Security update for tor

Announcement ID: openSUSE-SU-2023:0361-1
Rating: moderate
References: #1216873
Affected Products:
openSUSE Backports SLE-15-SP4
openSUSE Backports SLE-15-SP5

An update that contains security fixes can now be installed.


This update for tor fixes the following issues:

- tor

* Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. (TROVE-2023-004, boo#1216873)
* Regenerate fallback directories generated on November 03, 2023.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03
* directory authority: Look at the network parameter "maxunmeasuredbw"
with the correct spelling
* vanguards addon support: Count the conflux linked cell as valid when
it is successfully processed. This will quiet a spurious warn in the
vanguards addon

- tor

* Fix an issue that prevented us from pre-building more conflux sets
after existing sets had been used

- tor

* onion service: Fix a reliability issue where services were expiring
their introduction points every consensus update. This caused
connectivity issues for clients caching the old descriptor and intro
* Log the input and output buffer sizes when we detect a potential
compression bomb
* Disable multiple BUG warnings of a missing relay identity key when
starting an instance of Tor compiled without relay support
* When reporting a pseudo-networkstatus as a bridge authority, or
answering "ns/purpose/*" controller requests, include accurate
published-on dates from our list of router descriptors
* Use less frightening language and lower the log-level of our run-time
ABI compatibility check message in our Zstd compression subsystem

- tor

* bugfixes creating log BUG stacktrace

- tor

* Extend DoS protection to partially opened channels and known relays
* Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks against
hidden services. Disabled by default, enable via "HiddenServicePoW" in
* Implement conflux traffic splitting
* Directory authorities and relays now interact properly with directory
authorities if they change addresses

- tor

* bugfix affecting vanguards (onion service), and minor fixes

- Enable support for scrypt()

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2023-361=1

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-361=1

Package List:

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):


- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):