Hi,

Secunia advises to update to version 0.1.1.20. This may also correct bug 118918 (Information disclosure).

---------------------------------------------
Software: Tor 0.1.0.x

Description:
Some vulnerabilities and a weakness have been reported in Tor, which can be exploited by malicious people to spoof log entries, disclose certain sensitive information, and cause a DoS (Denial of Service).

1) Input strings received from the network aren't properly sanitised before being displayed. This can potentially be exploited to spoof log entries via certain non-printable characters.

2) An unspecified error in the directory server can be exploited to cause a DoS.

3) Some integer overflow errors exist when adding elements to smartlists. This can potentially be exploited to cause a buffer overflow via malicious large inputs.

4) An error in which internal circuits are picked based on the circuits having useful exit nodes can potentially reveal certain information via statistical attacks.

The vulnerabilities and weakness have been reported in versions prior to 0.1.1.20.

Note: Several other issues, which may be security related, have also been fixed.

Solution:
Update to version 0.1.1.20.
http://tor.eff.org/download.html

Provided and/or discovered by:
1-3) Reported by vendor.
4) Lasse Overlier

Original Advisory:
http://tor.eff.org/cvs/tor/ChangeLog
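Added example, not part of the original thread and not Tor's own code: item 1 of the advisory concerns network-supplied strings reaching the log unsanitised, and this sketch shows one way to escape such strings so a peer cannot inject line breaks or control bytes into a log entry. The function name `escape_for_log` and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Tor's implementation: render untrusted bytes as
 * one printable log token. Returns the escaped length, or -1 if out is too
 * small (out is then left as an empty string). */
int escape_for_log(const unsigned char *in, size_t in_len,
                   char *out, size_t out_len)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    if (out_len == 0)
        return -1;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = in[i];
        char buf[4];
        size_t n;
        if (c == '\n' || c == '\r' || c == '\t') {
            /* Line breaks are what let a peer start a forged entry. */
            buf[0] = '\\';
            buf[1] = (c == '\n') ? 'n' : (c == '\r') ? 'r' : 't';
            n = 2;
        } else if (c == '\\' || c == '"') {
            /* Escape the escape character so the output stays unambiguous. */
            buf[0] = '\\'; buf[1] = (char)c; n = 2;
        } else if (c < 0x20 || c >= 0x7f) {
            /* Other control bytes (e.g. ESC) and non-ASCII become \xNN. */
            buf[0] = '\\'; buf[1] = 'x';
            buf[2] = hex[c >> 4]; buf[3] = hex[c & 0x0f];
            n = 4;
        } else {
            buf[0] = (char)c; n = 1;
        }
        if (n >= out_len - o) {   /* always keep room for the NUL */
            out[0] = '\0';
            return -1;
        }
        memcpy(out + o, buf, n);
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a peer-supplied name carrying a fake log line. */
    const unsigned char name[] = "bob\nMay 01 [warn] forged\x1b";
    char safe[128];
    if (escape_for_log(name, sizeof(name) - 1, safe, sizeof(safe)) >= 0)
        printf("[info] peer name: \"%s\"\n", safe);
    return 0;
}
```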
Setting to B2 because of #3:

3) Some integer overflow errors exist when adding elements to smartlists. This can potentially be exploited to cause a buffer overflow via malicious large inputs.
0.1.1.20 has entry guards so should fix bug 118918 as well.
humpback, please bump tor
Arches please test and mark 0.1.1.20 stable, thank you.

Last bug activity of humpback: 132125: 2006-05-08 05:27:31

So I bumped this myself, without the untested chroot stuff.
x86 is done. Good old tor.
stable on ppc64
ppc stable
sparc stable.
amd64 staaable
GLSA 200606-04