Back

openSUSE Tor Security Updates Address Multiple Vulnerabilities

Severity: High (Score: 72.5)

Sources: Linuxsecurity

Summary

openSUSE has released critical updates for the Tor software, addressing several vulnerabilities identified as CVE-2026-44597, CVE-2026-44599, CVE-2026-44600, CVE-2026-44601, CVE-2026-44602, and CVE-2026-44603. These vulnerabilities include issues such as out-of-bounds reads, null pointer dereferences, and circuit management flaws that could lead to client crashes or data exposure. The updates affect both openSUSE Backports SLE-15-SP7 and openSUSE Leap 16.0. The patches were released on May 10 and May 13, 2026, with the vulnerabilities being published on May 7, 2026. Users are advised to apply the updates promptly to mitigate potential exploitation risks. The updates introduce a new circuit-level encryption design aimed at enhancing client security. Key Points: • openSUSE released critical updates for Tor addressing multiple CVEs. • Vulnerabilities include out-of-bounds reads and null pointer dereferences. • Users are urged to apply patches immediately to prevent exploitation.

Key Entities

  • CVE-2026-44597 (cve)
  • CVE-2026-44599 (cve)
  • CVE-2026-44600 (cve)
  • CVE-2026-44601 (cve)
  • CVE-2026-44602 (cve)
  • Cwe-125 - Out-of-bounds Read (cwe)
  • Cwe-476 - NULL Pointer Dereference (cwe)
  • 157.2.9.1 (ipv4)
  • OpenSUSE (company)
  • OpenSUSE Leap 16.0 (platform)
  • Tor (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed