tor from 0.4.5.8 before 0.4.6.8 would log v2 onion services access attempt warnings on disk excessively, allowing time-correlation. o Minor bugfixes (onion service, TROVE-2021-008): - Only log v2 access attempts once total, in order to not pollute the logs with warnings and to avoid recording the times on disk when v2 access was attempted. Note that the onion address was _never_ logged. This counts as a Low-severity security issue. Fixes bug 40474; bugfix on 0.4.5.8. References: https://gitlab.torproject.org/tpo/core/tor/-/issues/40474 https://gitlab.torproject.org/tpo/core/tor/-/commit/602dcd8e3774b09242787ba3b0f0e0599530638a
Created tor tracking bugs for this issue: Affects: epel-all [bug 2025097] Affects: fedora-all [bug 2025096]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.