From Secunia: 1) An error exists when parsing certain malformed router descriptors and can be exploited to crash Tor via specially crafted router descriptors. 2) An error within the "connection_edge_process_relay_cell_not_open()" function in src/or/relay.c can be exploited by malicious exit relays to spoof that a client's DNS request resolves to an internal IP address. The vulnerabilities are reported in versions prior to 0.2.0.35. Other versions may also be affected.
Dear arches please stabilise net-misc/tor-0.2.0.35.ebuild Target KEYWORDS="amd64 ppc ppc64 sparc x86 ~x86-fbsd x86 already done.
This also affects net-misc/tor-0.2.1.15_rc which was hard masked in the tree...now also bumped
amd64 stable
sparc stable
ppc64 done
CVE-2009-2425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2425): Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor. CVE-2009-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2426): The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.
Marked ppc stable, closing since we're the last arch.
(In reply to comment #7) > Marked ppc stable, closing since we're the last arch. > Please don't close security bugs after stabling, thanks :) GLSA voting: NO.
NO, too. Closing.
