1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3216-1] tor security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Apr 6 23:00:02 2015
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3216-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff
    April 06, 2015 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : tor
    CVE ID : CVE-2015-2928 CVE-2015-2929

    Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system:

    CVE-2015-2928

    "disgleirio" discovered that a malicious client could trigger an
    assertion failure in a Tor instance providing a hidden service,
    thus rendering the service inaccessible.

    CVE-2015-2929

    "DonnchaC" discovered that Tor clients would crash with an
    assertion failure upon parsing specially crafted hidden service
    descriptors.

    Introduction points would accept multiple INTRODUCE1 cells on one
    circuit, making it inexpensive for an attacker to overload a hidden
    service with introductions. Introduction points now no longer allow
    multiple cells of that type on the same circuit.

    For the stable distribution (wheezy), these problems have been fixed in
    version 0.2.4.27-1.

    For the unstable distribution (sid), these problems have been fixed in
    version 0.2.5.12-1.

    For the experimental distribution, these problems have been
    fixed in version 0.2.6.7-1.

    We recommend that you upgrade your tor packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBAgAGBQJVIvK4AAoJEBDCk7bDfE42k2QP/3NUAsX06900TgPdoWUut7r0 lq+E+rRzTXpbBxiSYQ4lKfeISdVo6/JJT/RfddTDbaSqo9G0ZHVchWvISmS7khM0 LPsSFjW2v8xtmRrET5S+DM8fwCzX0ShuALAm2IFnLvyqnx2LoEUStGA8hfB9rdDK T59swVONOEPnMpKxqIuQcFvDbw3X9tkYrHgYecB+hwYrGbH+BBs2Q3JfbMHw3GYt 3htUWP7V6t4XblbiNwIKnnriWGhOuTuDcT3ftju18Zo8UuGizearZeiYg27EkmVB pPsXcLxpWgmwgD9931+iOP8PhZeNfyRq99zpOc0RjWenDLfjwxr3X2U6Ev4ZC8v8 bg6hY7MqGhC5UWCGa81jbdd+NUCI4tAfthWUCB3iXNmIsmkCfMX18kd0NXOxnLGQ 6nDW4E0GxrPOIwtRQoKOZIPX5FHXkSzE4PUgM3oTzdyxMTcU0CSyKRKQ9v6PbY6s g+gBZ93crY1o7G0Kt22T9UK8UIk/sDzuuAyB+UwYxZDaauAgStd9UKvBYtpli4ec /mIvT/C6F5XAXOP+FfaEInS1F0Q8fhtTzCmDWL1lZXuNAbDtjJyFStCIm29vlLqv RYH7qwSqjxRtd0i1X3bJqJa6HOFE2/A+HaJW7ANlhSPH+1T+mDSfPtni4ZL/Gw/a 5Vl6jLJZ5hiJP7zF4N+Z
    =Q8yM
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)