Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 649698 (CVE-2018-0490) - <net-vpn/tor-{0.3.1.10, 0.3.2.10}: Null-pointer crash in directory authority protocol list code
Summary: <net-vpn/tor-{0.3.1.10, 0.3.2.10}: Null-pointer crash in directory authority ...
Status: RESOLVED FIXED
Alias: CVE-2018-0490
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://trac.torproject.org/projects/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-05 22:20 UTC by Demetris Nakos (sokan)
Modified: 2018-04-18 11:26 UTC (History)
1 user (show)

See Also:
Package list:
=net-vpn/tor-0.3.1.10
Runtime testing required: No
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Demetris Nakos (sokan) 2018-03-05 22:20:55 UTC
An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. 

=net-vpn/tor-0.3.1.10 is already in tree, please call for stabilization if ready.

- Gentoo Security Padawan -
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-25 19:59:44 UTC
@arches, please stabilize.
Comment 2 Anthony Basile gentoo-dev 2018-03-26 01:20:58 UTC
(In reply to Aaron Bauman from comment #1)
> @arches, please stabilize.

KEYWORDS="amd64 arm ppc ppc64 x86"
Comment 3 Larry the Git Cow gentoo-dev 2018-03-29 01:11:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6fbf3f0c06653c60e94b243f8410b2a202fe4b5

commit d6fbf3f0c06653c60e94b243f8410b2a202fe4b5
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-29 01:10:38 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-29 01:10:38 +0000

    net-vpn/tor: amd64 stable
    
    Bug: https://bugs.gentoo.org/649698
    Package-Manager: Portage-2.3.26, Repoman-2.3.7

 net-vpn/tor/tor-0.3.1.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-03-29 14:54:47 UTC
x86 stable
Comment 5 Markus Meier gentoo-dev 2018-04-08 10:55:08 UTC
arm stable
Comment 6 ernsteiswuerfel 2018-04-13 14:26:17 UTC
FAIL: src/test/test_bt.sh on ppc (see bug #653098)
Comment 7 Larry the Git Cow gentoo-dev 2018-04-15 19:48:33 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=351ec55cfdad8f6632820f0faa5180c8dee6c0f6

commit 351ec55cfdad8f6632820f0faa5180c8dee6c0f6
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 19:48:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 19:48:24 +0000

    net-vpn/tor: stable 0.3.1.10 for ppc64, bug #649698
    
    Bug: https://bugs.gentoo.org/649698
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 net-vpn/tor/tor-0.3.1.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 8 Anthony Basile gentoo-dev 2018-04-18 06:09:04 UTC
(In reply to ernsteiswuerfel from comment #6)
> FAIL: src/test/test_bt.sh on ppc (see bug #653098)

i've masked tests on ppc resolving bug #653098.  i've stabilized on ppc.

@security - all arches are stable and the vulnerable versions are off the tree.
Comment 9 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-18 11:26:40 UTC
GLSA Vote: No