A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error within the "policy_summarize()" function in src/or/policies.c, which can be exploited to crash a Tor directory authority.
The vulnerability is reported in versions prior to 0.2.1.30.
Update to version 0.2.1.30.
Provided and/or discovered by
The vendor credits piebeer.
Maintainers, is it OK to stabilize net-misc/tor-0.2.1.30?
To speed up the process, feel free to CC arches and add the STABLEREQ keyword yourself (and change the status whiteboard from "stable?" to "stable").
Yes, it is ready for stabilization.
Sorry, still getting used to new bugzilla ... added arches.
Looks also good here on x86.
amd64 done, thanks Agostino
x86 stable. Thanks Andreas.
Thanks, everyone. GLSA Vote: Yes.
Vulnerable versions (tor-0.2.1.29 and tor-0.2.1.29-r1) removed from tree.
GLSA vote: NO
Vote: yes, added to existing GLSA.
Buffer overflow in the policy_summarize function in or/policies.c in Tor
before 0.2.1.30 allows remote attackers to cause a denial of service
(directory authority crash) via a crafted policy that triggers creation of a
long port list.
no clue why bsd is in cc
This issue was resolved and addressed in
GLSA 201110-13 at http://security.gentoo.org/glsa/glsa-201110-13.xml
by GLSA coordinator Tim Sammut (underling).