Summary: | <net-misc/tor-0.2.1.29: Multiple vulnerabilities (CVE-2011-{0015,0016,0427,0490,0491,0492,0493}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Anthony Basile <blueness> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitweb.torproject.org/tor.git/blob/tor-0.2.1.29:/ReleaseNotes | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Anthony Basile
2011-01-17 15:51:12 UTC
Arches, please test and mark stable:
=net-misc/tor-0.2.2.21_alpha
Target keywords : "amd64 arm ppc ppc64 sparc x86"

*** Bug 351922 has been marked as a duplicate of this bug. ***

Sorry, that of course is:

Arches, please test and mark stable:
=net-misc/tor-0.2.1.29
Target keywords : "amd64 arm ppc ppc64 sparc x86"

tor maintainers: shouldn't an alpha version be masked?

ppc/ppc64 stable

(In reply to comment #3)
> Sorry, that of course is:
>
> Arches, please test and mark stable:
> =net-misc/tor-0.2.1.29
> Target keywords : "amd64 arm ppc ppc64 sparc x86"
>
> tor maintainers: shouldn't an alpha version be masked?
>

We have the following in profiles/package.mask

    # Anthony G. Basile <blueness@gentoo.org> (10 Jan 2011)
    # Masked until libevent-2* is unmasked (bug #333077)
    =net-misc/tor-0.2.2*

I tested and it works. amd64 ok

amd64 done. Thanks Agostino

x86 stable

May I point you to https://bugs.gentoo.org/show_bug.cgi?id=351920 btw ?

(In reply to comment #9)
> May I point you to https://bugs.gentoo.org/show_bug.cgi?id=351920 btw ?
>

Sry, I meant https://bugs.gentoo.org/show_bug.cgi?id=347656 and especially the link to the TOR trac page.

According to http://www.openwall.com/lists/oss-security/2011/01/18/7, the additional CVEs are:

CVE-2011-0015 Tor zlib DoS
CVE-2011-0016 Tor keys not zeroed in memory

More CVE assignments for this release per http://www.openwall.com/lists/oss-security/2011/01/19/1. <-- The advisory above also has a section on crashes which the Tor developers "think are hard to exploit remotely," but still (most likely) qualify for CVE inclusion.

CVE-2011-0490 - libevent
CVE-2011-0491 - tor_realloc crash / "underflow errors"
CVE-2011-0492 - assertion failure on specific file sizes
CVE-2011-0493 - assertion failure / malformed router caches

arm stable

sparc stable

GLSA request filed.
CVE-2011-0493 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493): Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.

CVE-2011-0492 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492): Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.

CVE-2011-0491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491): The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."

CVE-2011-0490 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490): Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.

CVE-2011-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427): Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

CVE-2011-0016 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016): Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

CVE-2011-0015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015): Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

CVE-2011-0427 lists possible remote code execution. Rerating B1.

This issue was resolved and addressed in GLSA 201110-13 at http://security.gentoo.org/glsa/glsa-201110-13.xml by GLSA coordinator Tim Sammut (underling).
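
The CVE-2011-0015 entry above concerns zlib input that expands by a large factor without the receiver checking it. The following is an added example, not code from Tor or from this bug report, showing one way a receiver can bound decompression; the function name, the exception class and every threshold are assumptions chosen for illustration.

```python
import zlib

# Limits are assumptions chosen for this sketch, not values taken from Tor.
MAX_RATIO = 25                 # tolerated output/input expansion factor
RATIO_CHECK_AFTER = 64 * 1024  # small outputs are exempt from the ratio test
MAX_OUTPUT = 1024 * 1024       # absolute cap on decompressed bytes
CHUNK = 16 * 1024              # output produced per decompress() call


class DecompressionLimitError(ValueError):
    """The input expanded past the configured limits."""


def bounded_decompress(data: bytes) -> bytes:
    """Inflate a zlib stream incrementally, enforcing ratio and size limits."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # max_length=CHUNK bounds each call's output; input that was not
        # needed yet is handed back in unconsumed_tail.
        chunk = d.decompress(pending, CHUNK)
        if not chunk and not d.unconsumed_tail and not d.eof:
            raise ValueError("truncated zlib stream")
        out += chunk
        pending = d.unconsumed_tail
        consumed = len(data) - len(pending) - len(d.unused_data)
        if len(out) > MAX_OUTPUT:
            raise DecompressionLimitError("output exceeds absolute cap")
        if len(out) > RATIO_CHECK_AFTER and len(out) > MAX_RATIO * consumed:
            raise DecompressionLimitError("compression factor too large")
    return bytes(out)


if __name__ == "__main__":
    # Constructed inputs: an ordinary text blob and a 10 MiB run of zeros.
    ordinary = zlib.compress(b"router example 192.0.2.1 9001\n" * 2000)
    bomb = zlib.compress(b"\0" * (10 * 1024 * 1024))
    print(len(bounded_decompress(ordinary)))
    try:
        bounded_decompress(bomb)
    except DecompressionLimitError as exc:
        print("rejected:", exc, "from", len(bomb), "compressed bytes")
```

Because the limits are checked after every chunk, the oversized input is rejected after well under 100 KiB of output has been buffered instead of after the full 10 MiB has been allocated.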