tor 0.2.7.6-1ubuntu1 has memory-access severe bug TROVE-2016-10-001

Bug #1662548 reported by Chad Miller on 2017-02-07
This bug affects 2 people
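Affects: Tor | Status: Unknown | Importance: Unknown
Affects: tor (Ubuntu) | Importance: Critical | Assigned to: Chad Miller
Affects: Trusty | Importance: Undecided | Assigned to: Unassigned
Affects: Xenial | Importance: Undecided | Assigned to: Unassigned
Affects: Yakkety | Importance: Undecided | Assigned to: Unassigned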

Bug Description

A buffer overrun can crash Tor 0.2.4.27 (trusty), 0.2.7.6 (xenial), 0.2.8.8 (yakkety) causing d-o-s.

Tor treats "the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening."
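
The bug class quoted above, shown as an added illustration; this is not Tor's code and not part of this report. The `chunk_t` type and all function names are hypothetical. It contrasts a scan that treats length-delimited chunk bytes as a C string with a scan bounded by the chunk's recorded length, on constructed inputs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_CAP 16

/* Hypothetical chunk: raw bytes plus an explicit length, never NUL-terminated. */
typedef struct {
    size_t datalen;          /* number of valid bytes in data[] */
    char   data[CHUNK_CAP];  /* bytes past datalen are stale or unowned */
} chunk_t;

/* Constructed-input helper: copy rawlen bytes in, but declare only datalen valid. */
chunk_t chunk_make(const void *raw, size_t rawlen, size_t datalen) {
    chunk_t c;
    memset(c.data, 0, sizeof c.data);
    memcpy(c.data, raw, rawlen < CHUNK_CAP ? rawlen : CHUNK_CAP);
    c.datalen = datalen;
    return c;
}

/* Flawed pattern: strchr() stops only at a NUL byte and ignores datalen. */
long find_newline_as_string(const chunk_t *c) {
    const char *p = strchr(c->data, '\n');
    return p ? (long)(p - c->data) : -1;
}

/* Bounded form: memchr() inspects exactly the datalen valid bytes. */
long find_newline_bounded(const chunk_t *c) {
    const char *p = memchr(c->data, '\n', c->datalen);
    return p ? (long)(p - c->data) : -1;
}

int main(void) {
    /* 5 valid bytes, then stale bytes (kept inside the array so the demo itself
       is well-defined; with a full chunk the scan would leave the allocation). */
    chunk_t stale = chunk_make("HELLOx\nold", 10, 5);
    /* 5 valid bytes with an embedded NUL before the newline. */
    chunk_t nul = chunk_make("AB\0C\n", 5, 5);
    printf("stale: string=%ld bounded=%ld\n",
           find_newline_as_string(&stale), find_newline_bounded(&stale));
    printf("nul:   string=%ld bounded=%ld\n",
           find_newline_as_string(&nul), find_newline_bounded(&nul));
    return 0;
}
```

The string-style scan reports a newline at offset 6, beyond the 5 valid bytes, and misses the real newline that follows an embedded NUL; the bounded scan gets both cases right.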

Chad Miller (cmiller) wrote :

This is TROVE-2016-10-001.

Changed in tor (Ubuntu):
assignee: nobody → Chad Miller (cmiller)
status: New → Confirmed
importance: Undecided → Critical
milestone: none → trusty-updates
milestone: trusty-updates → none
Chad Miller (cmiller) on 2017-02-07
affects: vidalia → tor
Robie Basak (racb) wrote :

Zesty has 0.2.9.10-1ubuntu1. I think this might mean that this issue is fixed in Zesty? It isn't clear to me.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in tor (Ubuntu Trusty):
status: New → Confirmed
Changed in tor (Ubuntu Xenial):
status: New → Confirmed
Changed in tor (Ubuntu Yakkety):
status: New → Confirmed
Otus (jan-varho) wrote :

0.2.7 is also unsupported since August 1: https://blog.torproject.org/blog/tor-0315-alpha-released

Simon Déziel (sdeziel) wrote :

Tor 0.2.9.11 is now in Xenial and Zesty, marking Xenial as fix released.

Changed in tor (Ubuntu Xenial):
status: Confirmed → Fix Released