OpenSuSE has issued an advisory today (December 7):
Cauldron is not affected as it was fixed upstream in 0.2.3.25.
Patched package uploaded for Mageia 2.
Patch checked into Mageia 1 SVN.
Updated tor package fixes security vulnerability:
Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when
handling SENDME cells and can be exploited to cause excessive consumption of
memory resources within an entry node (SA51329, CVE-2012-5573).
Updated packages in core/updates_testing:
Testing using the procedure here: https://bugs.mageia.org/show_bug.cgi?id=3953#c4
mga2 64 complete
mga2 32 complete
Advisory & srpm in comment 0
Could sysadmin please push from core/updates_testing to core/updates
has_procedure mga2-64-OK =>
has_procedure mga2-32-OK mga2-64-OK