919496 – (TROVE-2023-007) <net-vpn/tor-0.4.8.10: high severity issue in exit relays supporting conflux

Bug 919496 (TROVE-2023-007) - <net-vpn/tor-0.4.8.10: high severity issue in exit relays supporting conflux

Summary: <net-vpn/tor-0.4.8.10: high severity issue in exit relays supporting conflux

Status:	RESOLVED FIXED

Alias:	TROVE-2023-007

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:
Whiteboard:	~3 [noglsa]
Keywords:	PullRequest

Depends on:
Blocks:

Reported:	2023-12-09 06:55 UTC by Federico Justus Denkena
Modified:	2023-12-09 18:13 UTC (History)
CC List:	3 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/34188
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Federico Justus Denkena 2023-12-09 06:55:30 UTC

Tor relays before version 0.4.8.10 have a high severity issue in conflux circuit building. Recommended to immediately upgrade the packages in gentoo and drop affected versions.
See: https://forum.torproject.org/t/security-release-0-4-8-10/10536

Comment 1 Federico Justus Denkena 2023-12-09 06:56:42 UTC

Major bugfixes (TROVE-2023-007, exit):
    - Improper error propagation from a safety check in conflux leg
      linking lead to a desynchronization of which legs were part of a
      conflux set, ultimately causing a UAF and NULL pointer dereference
      crash on Exit relays. Fixes bug 40897; bugfix on 0.4.8.1-alpha.

Comment 2 Larry the Git Cow gentoo-dev

2023-12-09 18:11:04 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7aa526519c97de1127e0b98ed84fe7eef346c37b

commit 7aa526519c97de1127e0b98ed84fe7eef346c37b
Author:     Federico Justus Denkena <federico.denkena@posteo.de>
AuthorDate: 2023-12-09 09:34:30 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-09 18:06:10 +0000

    net-vpn/tor: add 0.4.8.10
    
    Bug: https://bugs.gentoo.org/919496
    Signed-off-by: Federico Justus Denkena <federico.denkena@posteo.de>
    Closes: https://github.com/gentoo/gentoo/pull/34188
    Signed-off-by: Sam James <sam@gentoo.org>

 net-vpn/tor/Manifest            |   3 +
 net-vpn/tor/tor-0.4.8.10.ebuild | 177 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 180 insertions(+)

Comment 3 Sam James archtester

2023-12-09 18:11:36 UTC

~arch -> noglsa

Comment 4 Larry the Git Cow gentoo-dev

2023-12-09 18:12:57 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ac7454ec1e9bb9b859320cf3df6ee6fdf58c780

commit 0ac7454ec1e9bb9b859320cf3df6ee6fdf58c780
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-12-09 18:11:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-12-09 18:12:33 +0000

    net-vpn/tor: drop 0.4.8.9
    
    Bug: https://bugs.gentoo.org/919496
    Signed-off-by: Sam James <sam@gentoo.org>

 net-vpn/tor/Manifest           |   3 -
 net-vpn/tor/tor-0.4.8.9.ebuild | 177 -----------------------------------------
 2 files changed, 180 deletions(-)