This update for tor fixes the following issues:
Updating tor to a newer version in the respective codestream.
-
tor 0.3.5.12:
- Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
- Not affected by out-of-bound memory access (CVE-2020-15572, boo#1173979)
- Fix DoS defenses on bridges with a pluggable transport
- CVE-2020-10592: CPU consumption DoS and timing patterns (boo#1167013)
- CVE-2020-10593: circuit padding memory leak (boo#1167014)
-
tor 0.4.4.6
- Check channels+circuits on relays more thoroughly (TROVE-2020-005, boo#1178741)
- Fix a crash due to an out-of-bound memory access (CVE-2020-15572, boo#1173979)
- Fix logrotate to not fail when tor is stopped (boo#1164275)