PT-2026-36286 · Opensuse · Tor

Published

2026-04-20

·

Updated

2026-04-20

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This update for tor fixes the following issues:
Changes in tor:
  • update to 0.4.8.23:
  • Fix a memory compare using the wrong length. This could lead to a remote crash when using the conflux subsystem (TROVE-2026-004, boo#1262302)
  • Fix a series of defense in depth security issues found across the codebase
  • Regenerate fallback directories generated on March 25, 2026.
  • Update the geoip files to match the IPFire Location Database, as retrieved on 2026/03/25.
  • includes changes from 0.4.8.22:
  • Avoid an out-of-bounds read error that could occur with V1-formatted EXTEND cells (TROVE-2025-016, boo#1262301)
  • Allow old clients to fetch the consensus even if they use version 0 of the SENDME protocol
  • Do not check for compression bombs for buffers smaller than 5MB (increased from 64 KB)
  • Improvements to directory server statistics
  • update to 0.4.8.21:
  • This release is a continuation of the previous one and addresses additional Conflux-related issues identified through further testing and feedback from relay operators. We strongly recommend upgrading as soon as possible.
  • Major bugfixes (conflux, exit):
  • When dequeuing out-of-order conflux cells, the circuit could be close in between two dequeue which could lead to a mishandling of a NULL pointer. Fixes bug 41162;
  • Add -mbranch-protection=standard for arm64.
  • Regenerate fallback directories generated on November
  • Update the geoip files to match the IPFire Location Database, as retrieved on 2025/11/17.
  • Fix a bug causing the initial tor process to hang intead of exiting with RunAsDaemon, when pluggable transports are used.
  • 0.4.8.20
  • Add a new hardening compiler flag -fcf-protection=full
  • Fix the root cause of some conflux fragile asserts
  • Fix a series of conflux edge cases
  • 0.4.8.19
  • Fix some clients not being able to connect to LibreSSL relays
  • Improve stream flow control performance
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

OPENSUSE-SU-2026:20589-1

Affected Products

Tor