ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2021.0293
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2021-0293)
Resumen:	The remote host is missing an update for the 'tor' package(s) announced via the MGASA-2021-0293 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tor' package(s) announced via the MGASA-2021-0293 advisory. Vulnerability Insight: Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it (CVE-2021-34548). hashtable-based CPU denial-of-service attack against relays (CVE-2021-34549). out-of-bounds memory access in v3 onion service descriptor parsing (CVE-2021-34550). See also upstream release notes for included other bugfixes. This package also fixes an error in tor package's un-install script (mga#29158). Affected Software/OS: 'tor' package(s) on Mageia 7, Mageia 8. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-34548 https://security.gentoo.org/glsa/202107-25 http://packetstormsecurity.com/files/163510/Tor-Half-Closed-Connection-Stream-Confusion.html https://gitlab.torproject.org/tpo/core/tor/-/issues/40389 Common Vulnerability Exposure (CVE) ID: CVE-2021-34549 https://gitlab.torproject.org/tpo/core/tor/-/issues/40391 Common Vulnerability Exposure (CVE) ID: CVE-2021-34550 https://gitlab.torproject.org/tpo/core/tor/-/issues/40392
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.