Tor 0.4.5.16 and 0.4.7.13 have been announced on January 12: https://forum.torproject.net/t/stable-release-0-4-5-16-and-0-4-7-13/6216 They fix a security issue with SOCKS4. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 0.4.5.16 and 0.4.7.13Whiteboard: (none) => MGA8TOO
Updated packages uploaded by Stig-Ørjan for Cauldron and Jani for Mageia 8. tor-0.4.5.16-1.mga8 from tor-0.4.5.16-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8Status comment: Fixed upstream in 0.4.5.16 and 0.4.7.13 => (none)CC: (none) => jani.valimaaSource RPM: tor-0.4.7.12-1.mga9.src.rpm => tor-0.4.5.12-1.mga8.src.rpmAssignee: jani.valimaa => qa-bugs
Debian has issued an advisory for this on January 16: https://www.debian.org/security/2023/dsa-5320
Summary: tor new security issue TROVE-2022-002 => tor new security issue TROVE-2022-002 (CVE-2023-23589)
CC: (none) => mageia
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Used via bug 30005 the wiki page https://wiki.mageia.org/en/The_Onion_Router, and my previous test from bug 29136. It's a pity the Wiki does not show up from the wiki link in http://madb.mageia.org/tools/updates/ Anyway: # systemctl start tor ]# systemctl -l status tor ● tor.service - Anonymizing overlay network for TCP Loaded: loaded (/usr/lib/systemd/system/tor.service; disabled; vendor preset: disabled) Active: active (running) since Thu 2023-01-19 10:33:40 CET; 19s ago Process: 9086 ExecStartPre=/usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/t> Main PID: 9087 (tor) Tasks: 1 (limit: 4364) Memory: 43.1M CPU: 8.015s CGroup: /system.slice/tor.service └─9087 /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/defaults-torrc -f /etc/tor/torrc Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Jan 19 10:33:38.026 [notice] Read configuration file "/usr/share/tor/> Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Jan 19 10:33:38.027 [notice] Read configuration file "/etc/tor/torrc". Jan 19 10:33:38 mach7.hviaene.thuis tor[9086]: Configuration was valid Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Tor 0.4.5.16 running on Linux with Libev> Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Tor can't help you if you use it wrong! > Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Read configuration file "/usr/share/tor/> Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.153 [notice] Read configuration file "/etc/tor/torrc". Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.168 [notice] Opening Socks listener on 127.0.0.1:9050 Jan 19 10:33:38 mach7.hviaene.thuis tor[9087]: Jan 19 10:33:38.168 [notice] Opened Socks listener connection (ready)> Jan 19 10:33:40 mach7.hviaene.thuis systemd[1]: Started Anonymizing overlay network for TCP. In firefox open Settings - General - Network Settings and enter localhost port 9050 for Manual proxy configuration set on - Socks host Then navigate to https://check.torproject.org/ and get success. Reset Settings - General - Network Settings to Use sysyem proxy settings, adnd refresh the tor page and get "Sorry. You are not using Tor." OK for me.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Good point Herman. I now renamed the page (and French one), adding "Tor" to the title. (and updated links to them.) The page is now listed from the wiki link in http://madb.mageia.org/tools/updates/ after pressing "Content pages" on the search page.
CC: (none) => fri
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0017.html
Status: NEW => RESOLVEDResolution: (none) => FIXED