VDB
GCVE-110-MAGEIA-2014-256
GCVE-110-MAGEIA-2014-256
Advisory Published
Update to version 0.2.4.22 which solves these major and security problems:
- Block authority signing keys that were used on authorities
vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160).
- Fix a memory leak that could occur if a microdescriptor parse
fails during the tokenizing step.
- The relay ciphersuite list is now generated automatically based on
uniform criteria, and includes all OpenSSL ciphersuites with
acceptable strength and forward secrecy.
- Relays now trust themselves to have a better view than clients of
which TLS ciphersuites are better than others.
- Clients now try to advertise the same list of ciphersuites as
Firefox 28.
For other changes see the upstream change log
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | tor | 0 (affected), 0.2.4.22-1.mga4 (unaffected) | — |
| Mageia | tor | 0 (affected), 0.2.4.22-1.mga3 (unaffected) | — |
Browse GCVE Records
73,196 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.