Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 501212 - <net-misc/tor-0.2.3.23-rc: Denial of Service (CVE-2012-{2249,2250})
Summary: <net-misc/tor-0.2.3.23-rc: Denial of Service (CVE-2012-{2249,2250})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-13 15:41 UTC by GLSAMaker/CVETool Bot
Modified: 2014-02-13 15:42 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2014-02-13 15:41:24 UTC 
CVE-2012-2250 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2250):
  Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service
  (assertion failure and daemon exit) by performing link protocol negotiation
  incorrectly.

CVE-2012-2249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2249):
  Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service
  (assertion failure and daemon exit) via a renegotiation attempt that occurs
  after the initiation of the V3 link protocol.


Just filing for tracking, nothing to see here.
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2014-02-13 15:42:39 UTC 
Haven't had a version affected by this in-tree for over two years. Closing noglsa.