| Summary: | <net-vpn/tor-0.4.7.8: triggerable congestion control performance drop | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | ajak, sam |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://lists.torproject.org/pipermail/tor-packagers/2022-June/000133.html | | |
| Whiteboard: | B3 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 852824 | | |
| Bug Blocks: | | | |

Description
John Helmert III
2022-06-17 18:14:38 UTC
(In reply to John Helmert III from comment #0)
> "Sorry for the short notice but we had to act fast on this one. Either today
> or tomorrow, we'll release 0.4.7.8 with an important security fix. This is
> tracked with TROVE-2022-001[0] and at the moment considered "High" severity."
>
> Please bump to 0.4.7.8.

It's in the tree and the stabilization bug has been filed.

(In reply to Anthony Basile from comment #1)
> (In reply to John Helmert III from comment #0)
> > "Sorry for the short notice but we had to act fast on this one. Either today
> > or tomorrow, we'll release 0.4.7.8 with an important security fix. This is
> > tracked with TROVE-2022-001[0] and at the moment considered "High" severity."
> >
> > Please bump to 0.4.7.8.
>
> It's in the tree and the stabilization bug has been filed.

Thanks! From release notes:

" o Major bugfixes (congestion control, TROVE-2022-001):
    - Fix a scenario where RTT estimation can become wedged, seriously degrading congestion control performance on all circuits. This impacts clients, onion services, and relays, and can be triggered remotely by a malicious endpoint. Tracked as CVE-2022-33903. Fixes bug 40626; bugfix on 0.4.7.5-alpha."

GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=464847c4e70c07cfb07a8715f613e418da18698e

commit 464847c4e70c07cfb07a8715f613e418da18698e
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 09:53:19 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 09:54:23 +0000

[ GLSA 202305-11 ] Tor: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/808681
Bug: https://bugs.gentoo.org/852821
Bug: https://bugs.gentoo.org/890618
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

glsa-202305-11.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)