<tor-0.2.2.38 : Multiple vulnerabilites
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Gentoo Linux |
Fix Released
|
Low
|
|||
tor (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Won't Fix
|
Undecided
|
Unassigned | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Tor upstream has recently released v0.2.2.38 version, correcting three
security flaws:
1) tor: Read from freed memory and double free by processing failed DNS request
Upstream ticket:
[1] https:/
Relevant patch:
[2] https:/
References:
[3] https:/
[4] https:/
[5] https:/
2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name
Upstream ticket:
[6] https:/
Relevant patches:
[7] https:/
[8] https:/
References:
[9] https:/
[10] https:/
Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).
3) tor: Client's relays path information leak
Upstream ticket:
[11] https:/
Relevant patches:
[12] https:/
[13] https:/
References:
[14] https:/
[15] https:/
tags: | added: upgrade-software-version |
Changed in tor (Ubuntu): | |
status: | New → Confirmed |
Changed in gentoo: | |
importance: | Unknown → Low |
Changed in tor (Ubuntu Precise): | |
status: | New → Confirmed |
status: | Confirmed → Triaged |
visibility: | private → public |
Changed in gentoo: | |
status: | Unknown → Fix Released |
From oss-security at $URL:
Tor upstream has recently released v0.2.2.38 version, correcting three
security flaws:
1) tor: Read from freed memory and double free by processing failed DNS request /trac.torprojec t.org/projects/ tor/ticket/ 6480
Upstream ticket:
[1] https:/
Relevant patch: /gitweb. torproject. org/tor. git/commitdiff/ 62637fa22405278 758febb1743da9a f562524d4c
[2] https:/
References: /lists. torproject. org/pipermail/ tor-announce/ 2012-August/ 000086. html /bugzilla. novell. com/show_ bug.cgi? id=776642 /bugzilla. redhat. com/show_ bug.cgi? id=849949
[3] https:/
[4] https:/
[5] https:/
2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name /trac.torprojec t.org/projects/ tor/ticket/ 6530
Upstream ticket:
[6] https:/
Relevant patches: /gitweb. torproject. org/tor. git/commitdiff/ 57e35ad3d917248 82c345ac709666a 551a977f0f /gitweb. torproject. org/tor. git/commitdiff/ 55f635745afacef ffdaafc72cc176c a7ab817546
[7] https:/
[8] https:/
References: /lists. torproject. org/pipermail/ tor-announce/ 2012-August/ 000086. html /bugzilla. novell. com/show_ bug.cgi? id=776642
[9] https:/
[10] https:/
Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).
3) tor: Client's relays path information leak /trac.torprojec t.org/projects/ tor/ticket/ 6537
Upstream ticket:
[11] https:/
Relevant patches: /gitweb. torproject. org/tor. git/commitdiff/ 308f6dad20675c4 2b29862f4269ad1 fbfb00dc9a /gitweb. torproject. org/tor. git/commitdiff/ d48cebc5e498b0a e673635f40fc57c dddab45d5b
[12] https:/
[13] https:/
References: /lists. torproject. org/pipermail/ tor-announce/ 2012-August/ 000086. html /bugzilla. novell. com/show_ bug.cgi? id=776642
[14] https:/
[15] https:/