{"affected":[{"ecosystem_specific":{"binaries":[{"tor":"0.3.1.9-8.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"tor","purl":"pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.3.1.9-8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tor fixes vulnerabilities that allowed some\ntraffic confirmation, DoS and other attacks (bsc#1070849):\n\n- CVE-2017-8819: Replay-cache ineffective for v2 onion services\n- CVE-2017-8820: Remote DoS attack against directory authorities\n- CVE-2017-8821: An attacker can make Tor ask for a password\n- CVE-2017-8822: Relays can pick themselves in a circuit path\n- CVE-2017-8823: Use-after-free in onion service v2","id":"openSUSE-SU-2017:3203-1","modified":"2017-12-02T14:54:54Z","published":"2017-12-02T14:54:54Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1070849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8819"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8820"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8821"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8822"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-8823"}],"related":["CVE-2017-8819","CVE-2017-8820","CVE-2017-8821","CVE-2017-8822","CVE-2017-8823"],"summary":"Security update for tor","upstream":["CVE-2017-8819","CVE-2017-8820","CVE-2017-8821","CVE-2017-8822","CVE-2017-8823"]}