DescriptionTor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.SUSE Bugzilla entry: 923284 [RESOLVED / FIXED] SUSE Security Advisories:
- openSUSE-SU-2015:0600-1, published Wed, 25 Mar 2015 13:04:53 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA tor-0.2.8.11-1.1