The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Tor: denial of service

Synthesis of the vulnerability 

An attacker can generate a fatal error of Tor, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap.
Severity of this bulletin: 1/4.
Creation date: 19/10/2016.
Références of this threat: CVE-2016-8860, DLA-663-1, DSA-3694-1, FEDORA-2016-3b6393acdd, FEDORA-2016-59316cf667, openSUSE-SU-2016:2603-1, VIGILANCE-VUL-20913.

Description of the vulnerability 

An attacker can generate a fatal error of Tor, in order to trigger a denial of service.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This cybersecurity alert impacts software or systems such as Debian, Fedora, openSUSE, openSUSE Leap.

Our Vigil@nce team determined that the severity of this weakness is low.

The trust level is of type confirmed by the editor, with an origin of internet server.

An attacker with a expert ability can exploit this security weakness.

Solutions for this threat 

Debian: new tor packages.
New packages are available:
  Debian 7: tor 0.2.4.27-2
  Debian 8: tor 0.2.5.12-3

Fedora: new tor packages.
New packages are available:
  Fedora 23: tor 0.2.8.9-1.fc23
  Fedora 24: tor 0.2.8.9-1.fc24

openSUSE: new tor packages.
New packages are available:
  openSUSE 13.2: tor 0.2.7.6-26.1
  openSUSE Leap 42.1: tor 0.2.7.6-13.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a software vulnerability database. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.