Tor 0.3.5.12 has been released on November 12, fixing two security issues: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12 Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
openSUSE has issued an advisory for this on November 19: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HALCW6KZMSIIXVTNHTNUQPBOYYMU5LL/
Fixed in current cauldron.
Version: Cauldron => 7Source RPM: tor-0.3.5.11-1.mga8.src.rpm => tor-0.3.5.10-1.mga7Whiteboard: MGA7TOO => (none)
Pushed tor-0.3.5.12-1.mga7 to core/updates_testing for mga7, please test. RPMS/SRPMS: tor-0.3.5.12-1.mga7
Assignee: jani.valimaa => qa-bugs
Advisory: ======================== Updated tor package fixes security vulnerabilities: When completing a channel, relays now check more thoroughly to make sure that it matches any pending circuits before attaching those circuits. Previously, address correctness and Ed25519 identities were not checked in this case, but only when extending circuits on an existing channel(TROVE-2020-005). Channels using obsolete versions of the Tor link protocol are no longer allowed to circumvent address-canonicity checks. This is only a minor issue, since such channels have no way to set ed25519 keys, and therefore should always be rejected for circuits that specify ed25519 identities (tor#40081). The tor package has been updated to version 0.3.5.12, fixing these issues and several other bugs. See the upstream ChangeLog for details. References: https://gitweb.torproject.org/tor.git/tree/ChangeLog?h=tor-0.3.5.12
CC: (none) => jani.valimaa
MGA7-64 MATE on PeaqC1011 No installation issues. # systemctl start tor [root@mach6 ~]# systemctl -l status tor ● tor.service - Anonymizing overlay network for TCP Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled) Active: active (running) since Mon 2020-11-30 14:42:00 CET; 18s ago Process: 21337 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc --verify-config (code=ex> Main PID: 21338 (tor) Tasks: 1 (limit: 2288) Memory: 49.1M CGroup: /system.slice/tor.service └─21338 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc Nov 30 14:42:05 mach6.hviaene.thuis Tor[21338]: The current consensus contains exit nodes. Tor can build exit and internal paths. Nov 30 14:42:05 mach6.hviaene.thuis Tor[21338]: I learned some more directory information, but not enough to build a circuit: We need more microdesc> Nov 30 14:42:05 mach6.hviaene.thuis Tor[21338]: Bootstrapped 57%: Loading relay descriptors Nov 30 14:42:06 mach6.hviaene.thuis Tor[21338]: Bootstrapped 65%: Loading relay descriptors Nov 30 14:42:07 mach6.hviaene.thuis Tor[21338]: Bootstrapped 71%: Loading relay descriptors Nov 30 14:42:07 mach6.hviaene.thuis Tor[21338]: Bootstrapped 78%: Loading relay descriptors Nov 30 14:42:07 mach6.hviaene.thuis Tor[21338]: Bootstrapped 80%: Connecting to the Tor network Nov 30 14:42:07 mach6.hviaene.thuis Tor[21338]: Bootstrapped 85%: Finishing handshake with first hop Nov 30 14:42:07 mach6.hviaene.thuis Tor[21338]: Bootstrapped 90%: Establishing a Tor circuit Nov 30 14:42:08 mach6.hviaene.thuis Tor[21338]: Bootstrapped 100%: Done In firefox 78.5.0 open Preferences - General - Network Settings and enter localhost port 9050 for Manual proxy configuration set on - Socks host Then navigate to https://check.torproject.org/ and get success. Reset Preferences - General - Network Settings to Use sysyem proxy settings, adnd refresh the tor page and get "Sorry. You are not using Tor." OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating update Advisory pushed to SVN.
Keywords: (none) => advisory, validated_updateCC: (none) => ouaurelien, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0442.html
Status: NEW => RESOLVEDResolution: (none) => FIXED