From secunia: 1) The application does not properly drop privileges to the primary groups of the user specified via the "User" parameter. This may result in the tor process running with higher privileges than intended. Note: This may affect UNIX like operating systems only. 2) The "ClientDNSRejectInternalAddresses" configuration option is not always enforced, which weakens the security and could open a vector for further attacks. SOLUTION: Update to version 0.2.0.32. https://www.torproject.org/download.html PROVIDED AND/OR DISCOVERED BY: 1) Theo de Raadt 2) rovv ORIGINAL ADVISORY: http://blog.torproject.org/blog/tor-0.2.0.32-released
Please provide the newest ebuild..
New version is in the tree, thanks mabi. Arches please stabilise net-misc/tor-0.2.0.32 target KEYWORDS are: amd64 ppc ppc64 sparc x86 ~x86-fbsd Sparc, please check if bug 246483 is still relevant. I removed the patch from 0.2.0.31 as upstream mentions the bug in its ChangeLog. security team, I could not find a CVE assigned.
amd64 stable
ppc stable
x86 stable
ppc64 stable
sparc stable (In reply to comment #2) > Sparc, please check if bug 246483 is still relevant. I removed the patch from > 0.2.0.31 as upstream mentions the bug in its ChangeLog. All good
Ready for vote, I vote YES.
Handling CVE-2008-5398 also here, because the same versions are affected and this bug fixes CVE-2008-5398, too.
CVE-2008-5397: Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process. CVE-2008-5398: Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.
Yes, too. Request filed.
(In reply to comment #11) > Yes, too. Request filed. Can I help to prepare the GLSA? Or what is the status?
(In reply to comment #12) > (In reply to comment #11) > > Yes, too. Request filed. > > Can I help to prepare the GLSA? Or what is the status? > Just the request currently, a draft would be highly appreciated. :/
higher version needed, see bug #258833
GLSA 200904-11