From oss-security: Hi, from the tor release notes[0]: Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha. I have not seen CVE ids for these issues. Can you assign ids for them? [0] https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
Is ok to stabilize 0.2.2.39 ?
Please begin stabilization. I'll take care of arm/ppc/ppc64 TARGET: amd64 arm ppc ppc64 sparc x86
stable arm ppc ppc64
x86 stable
amd64 stable
sparc stable
Thanks everyone, @security, please vote.
CVE-2012-4922 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4922): The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419. CVE-2012-4419 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4419): The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.
GLSA vote: yes.
GLSA Vote: yes. Added to existing request.
This issue was resolved and addressed in GLSA 201301-03 at http://security.gentoo.org/glsa/glsa-201301-03.xml by GLSA coordinator Sean Amoss (ackle).
