Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 432188 (CVE-2012-3517) - <net-misc/tor- : Multiple vulnerabilites (CVE-2012-{3517,3518,3519})
Summary: <net-misc/tor- : Multiple vulnerabilites (CVE-2012-{3517,3518,3519})
Alias: CVE-2012-3517
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2012-08-21 12:49 UTC by Agostino Sarubbo
Modified: 2013-01-09 00:29 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-08-21 12:49:46 UTC
From oss-security at $URL:

Tor upstream has recently released v0.2.2.38 version, correcting three
security flaws:

1) tor: Read from freed memory and double free by processing failed DNS request
   Upstream ticket:

   Relevant patch:


2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name
   Upstream ticket:

   Relevant patches:

   Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).

3) tor: Client's relays path information leak
   Upstream ticket:

   Relevant patches:

Comment 1 Agostino Sarubbo gentoo-dev 2012-08-21 12:51:32 UTC
@blueness, can go to stable?
Comment 2 Anthony Basile gentoo-dev 2012-08-21 13:13:30 UTC
(In reply to comment #1)
> @blueness, can go to stable?

Comment 3 Tim Sammut (RETIRED) gentoo-dev 2012-08-21 14:38:25 UTC
(In reply to comment #2)
> (In reply to comment #1)
> > @blueness, can go to stable?
> Yes.

Thank you.

Arches, please test and mark stable:
Target keywords : "amd64 arm ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2012-08-21 14:48:52 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2012-08-21 15:02:19 UTC
amd64 stable
Comment 6 Anthony Basile gentoo-dev 2012-08-21 20:56:16 UTC
Stable arm ppc ppc64
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2012-08-26 14:37:13 UTC
sparc stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-08-26 15:10:17 UTC
Thanks, folks. GLSA Vote: yes.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-08-27 07:49:00 UTC
CVE-2012-3519 (
  routerlist.c in Tor before uses a different amount of time for
  relay-list iteration depending on which relay is chosen, which might allow
  remote attackers to obtain sensitive information about relay selection via a
  timing side-channel attack.

CVE-2012-3518 (
  The networkstatus_parse_vote_from_string function in routerparse.c in Tor
  before does not properly handle an invalid flavor name, which
  allows remote attackers to cause a denial of service (out-of-bounds read and
  daemon crash) via a crafted (1) vote document or (2) consensus document.

CVE-2012-3517 (
  Use-after-free vulnerability in dns.c in Tor before might allow
  remote attackers to cause a denial of service (daemon crash) via vectors
  related to failed DNS requests.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-19 10:39:16 UTC
GLSA vote: yes.

GLSA request filed.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2013-01-09 00:29:36 UTC
This issue was resolved and addressed in
 GLSA 201301-03 at
by GLSA coordinator Sean Amoss (ackle).