649698 – (CVE-2018-0490) <net-vpn/tor-{0.3.1.10, 0.3.2.10}: Null-pointer crash in directory authority protocol list code

Bug 649698 (CVE-2018-0490) - <net-vpn/tor-{0.3.1.10, 0.3.2.10}: Null-pointer crash in directory authority protocol list code

Summary: <net-vpn/tor-{0.3.1.10, 0.3.2.10}: Null-pointer crash in directory authority ...

Status:	RESOLVED FIXED

Alias:	CVE-2018-0490

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://trac.torproject.org/projects/...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2018-03-05 22:20 UTC by Dimitris Nakos (sokan)
Modified:	2018-04-18 11:26 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	=net-vpn/tor-0.3.1.10
Runtime testing required:	No

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dimitris Nakos (sokan) 2018-03-05 22:20:55 UTC

An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting. 

=net-vpn/tor-0.3.1.10 is already in tree, please call for stabilization if ready.

- Gentoo Security Padawan -

Comment 1 Aaron Bauman (RETIRED) gentoo-dev

2018-03-25 19:59:44 UTC

@arches, please stabilize.

Comment 2 Anthony Basile gentoo-dev

2018-03-26 01:20:58 UTC

(In reply to Aaron Bauman from comment #1)
> @arches, please stabilize.

KEYWORDS="amd64 arm ppc ppc64 x86"

Comment 3 Larry the Git Cow gentoo-dev

2018-03-29 01:11:19 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6fbf3f0c06653c60e94b243f8410b2a202fe4b5

commit d6fbf3f0c06653c60e94b243f8410b2a202fe4b5
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-03-29 01:10:38 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-03-29 01:10:38 +0000

    net-vpn/tor: amd64 stable
    
    Bug: https://bugs.gentoo.org/649698
    Package-Manager: Portage-2.3.26, Repoman-2.3.7

 net-vpn/tor/tor-0.3.1.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2018-03-29 14:54:47 UTC

x86 stable

Comment 5 Markus Meier gentoo-dev

2018-04-08 10:55:08 UTC

arm stable

Comment 6 ernsteiswuerfel archtester

2018-04-13 14:26:17 UTC

FAIL: src/test/test_bt.sh on ppc (see bug #653098)

Comment 7 Larry the Git Cow gentoo-dev

2018-04-15 19:48:33 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=351ec55cfdad8f6632820f0faa5180c8dee6c0f6

commit 351ec55cfdad8f6632820f0faa5180c8dee6c0f6
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-15 19:48:24 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-15 19:48:24 +0000

    net-vpn/tor: stable 0.3.1.10 for ppc64, bug #649698
    
    Bug: https://bugs.gentoo.org/649698
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 net-vpn/tor/tor-0.3.1.10.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}

Comment 8 Anthony Basile gentoo-dev

2018-04-18 06:09:04 UTC

(In reply to ernsteiswuerfel from comment #6)
> FAIL: src/test/test_bt.sh on ppc (see bug #653098)

i've masked tests on ppc resolving bug #653098.  i've stabilized on ppc.

@security - all arches are stable and the vulnerable versions are off the tree.

Comment 9 Aaron Bauman (RETIRED) gentoo-dev

2018-04-18 11:26:40 UTC

GLSA Vote: No