OpenSuSE has issued an advisory today (December 7):
http://lists.opensuse.org/opensuse-updates/2012-12/msg00018.html

Cauldron is not affected as it was fixed upstream in 0.2.3.25.

Patched package uploaded for Mageia 2. Patch checked into Mageia 1 SVN.

Advisory:
========================

Updated tor package fixes security vulnerability:

Denial of Service vulnerability in Tor before 0.2.3.25, due to an error when handling SENDME cells and can be exploited to cause excessive consumption of memory resources within an entry node (SA51329, CVE-2012-5573).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573
https://secunia.com/advisories/51329/
https://trac.torproject.org/projects/tor/ticket/6252
http://lists.opensuse.org/opensuse-updates/2012-12/msg00018.html
========================

Updated packages in core/updates_testing:
========================
tor-0.2.2.39-2.1.mga2

from tor-0.2.2.39-2.1.mga2.src.rpm
No PoC.

Testing using the procedure here:
https://bugs.mageia.org/show_bug.cgi?id=3953#c4

mga2 64 complete
Whiteboard: (none) => has_procedure mga2-64-OK
mga2 32 complete

Validating

Advisory & srpm in comment 0

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-32-OK mga2-64-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
URL: (none) => http://lwn.net/Vulnerabilities/528437/
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED