| Summary: | <net-misc/tor-0.2.0.35 and <net-misc/tor-0.2.1.16_rc: DoS, Spoofing (CVE-2009-{2425,2426}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | fauli, humpback |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://archives.seul.org/or/announce/Jun-2009/msg00000.html | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Alex Legler (RETIRED)
2009-06-27 18:38:41 UTC
Dear arches please stabilise net-misc/tor-0.2.0.35.ebuild
Target KEYWORDS="amd64 ppc ppc64 sparc x86 ~x86-fbsd"

x86 already done.

This also affects net-misc/tor-0.2.1.15_rc which was hard masked in the tree...now also bumped

amd64 stable

sparc stable

ppc64 done

CVE-2009-2425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2425): Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.

CVE-2009-2426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2426): The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.

Marked ppc stable, closing since we're the last arch.

(In reply to comment #7)
> Marked ppc stable, closing since we're the last arch.
>

Please don't close security bugs after stabling, thanks :)

GLSA voting: NO.

NO, too. Closing.