| Field | Value |
| --- | --- |
| Summary | <net-misc/tor-0.2.8.12: Remote DoS via parsing problem |
| Product | Gentoo Security |
| Reporter | Agostino Sarubbo <ago> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | minor |
| CC | blueness |
| Priority | Normal |
| Flags | stable-bot: sanity-check+ |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://bugzilla.redhat.com/show_bug.cgi?id=1406314 |
| Whiteboard | B3 [noglsa] |
| Package list | =net-misc/tor-0.2.8.12 |
| Runtime testing required | --- |
| Bug Depends on | 605878 |
| Bug Blocks | |

From ${URL} :

It was found that there is an issue with parsing that could cause clients to read a single byte past the end of an allocated region. This bug could be used to cause hardened clients (built with --enable-expensive-hardening) to crash if they tried to visit a hostile hidden service. Non-hardened clients are only affected depending on the details of their platform's memory allocator.

External References:
https://lists.torproject.org/pipermail/tor-announce/2016-December/000122.html

Upstream patch:
https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd

@maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.