Security Information / 2012 / Security Information -- DSA-2548-1 tor

Debian Security Advisory

DSA-2548-1 tor -- several vulnerabilities

Date Reported:

13 Sep 2012

Affected Packages:

tor

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-3518, CVE-2012-3519, CVE-2012-4419.

More information:

Several vulnerabilities have been discovered in Tor, an online privacy tool.

• CVE-2012-3518

  Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service.

• CVE-2012-3519

  Try to leak less information about what relays a client is choosing to a side-channel attacker.

• CVE-2012-4419

  By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down.

Additionally the update to stable includes the following fixes: when waiting for a client to renegotiate, don't allow it to add any bytes to the input buffer. This fixes a potential DoS issue [tor-5934, tor-6007].

For the stable distribution (squeeze), these problems have been fixed in version 0.2.2.39-1.

For the unstable distribution, these problems have been fixed in version 0.2.3.22-rc-1.

We recommend that you upgrade your tor packages.