From oss-security at $URL:
Tor upstream has recently released v0.2.2.38 version, correcting three security flaws:

1) tor: Read from freed memory and double free by processing failed DNS request
Upstream ticket:
[1] https://trac.torproject.org/projects/tor/ticket/6480
Relevant patch:
[2] https://gitweb.torproject.org/tor.git/commitdiff/62637fa22405278758febb1743da9af562524d4c
References:
[3] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[4] https://bugzilla.novell.com/show_bug.cgi?id=776642
[5] https://bugzilla.redhat.com/show_bug.cgi?id=849949

2) tor: Uninitialized memory read by reading vote or consensus document with unrecognized flavor name
Upstream ticket:
[6] https://trac.torproject.org/projects/tor/ticket/6530
Relevant patches:
[7] https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f
[8] https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546
References:
[9] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[10] https://bugzilla.novell.com/show_bug.cgi?id=776642
Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).

3) tor: Client's relays path information leak
Upstream ticket:
[11] https://trac.torproject.org/projects/tor/ticket/6537
Relevant patches:
[12] https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269ad1fbfb00dc9a
[13] https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc57cdddab45d5b
References:
[14] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[15] https://bugzilla.novell.com/show_bug.cgi?id=776642