{"affected":[{"ecosystem_specific":{"binaries":[{"tor":"0.4.6.7-bp153.2.6.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP3","name":"tor","purl":"pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.6.7-bp153.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"tor":"0.4.6.7-bp153.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"tor","purl":"pkg:rpm/opensuse/tor&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.4.6.7-bp153.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for tor fixes the following issues:\n\ntor 0.4.6.7:\n\n* Fix a DoS via a remotely triggerable assertion failure\n  (boo#1189489, TROVE-2021-007, CVE-2021-38385)\n\ntor 0.4.6.6:\n\n* Enable the deterministic RNG for unit tests that covers the\n  address set bloomfilter-based API's\n\ntor 0.4.6.5\n\n* Add controller support for creating v3 onion services with\n  client auth\n* When voting on a relay with a Sybil-like appearance, add the\n  Sybil flag when clearing out the other flags. This lets a relay\n  operator know why their relay hasn't been included in the\n  consensus\n* Relays now report how overloaded they are\n* Add a new DoS subsystem to control the rate of client\n  connections for relays\n* Relays now publish statistics about v3 onions services\n* Improve circuit timeout algorithm for client performance\n","id":"openSUSE-SU-2021:1192-1","modified":"2021-08-25T15:57:20Z","published":"2021-08-25T15:57:20Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IZNA4UBO42ISVK2GMMR2H5RCFMPHLYVV/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1189489"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-38385"}],"related":["CVE-2021-38385"],"summary":"Security update for tor","upstream":["CVE-2021-38385"]}