http://bugzilla.opensuse.org/show_bug.cgi?id=1083846

Bug ID: 1083846
Summary: VUL-0: CVE-2018-0491: tor: use-after-free in KIST scheduler remote relay DoS
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/201159/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: astieger@suse.com
Reporter: astieger@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---
From https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html

TROVE-2018-002 affects relays running all 0.3.2.x versions, as well as 0.3.3.1-alpha. (Because we have found that it can be remotely triggered, we are backporting it and upgrading its severity.) It is a use-after-free bug in the KIST scheduler code, which an attacker can use to cause a relay to crash. Use-after-free bugs can sometimes be turned into worse attacks: we strongly recommend that all relays running 0.3.2.x (or 0.3.3.1-alpha) should upgrade to one of the versions released today. This issue does not affect other versions, and does not affect clients.

Relays running 0.3.2.x SHOULD upgrade to one of the versions released today, for the fix to TROVE-2018-002.

  o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
    - Avoid adding the same channel twice in the KIST scheduler pending list, which could lead to remote denial-of-service use-after-free attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.

References:
https://trac.torproject.org/projects/tor/ticket/24700
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0491
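
The bug class named in the changelog entry above (one channel present twice in a pending list), as an added example that is not part of the original report and is not Tor's code. The types and function names are hypothetical, and the teardown that removes a single entry before the channel would be freed is an assumed simplification.

```c
#include <stddef.h>

/* Hypothetical simplified model; not Tor's scheduler code. */
#define MAX_PENDING 8
typedef struct channel { int id; int in_pending; } channel_t;
typedef struct { channel_t *items[MAX_PENDING]; size_t len; } pending_list_t;

/* Unsafe: appends unconditionally, so one channel can be queued twice. */
static int pending_add_unchecked(pending_list_t *pl, channel_t *ch) {
    if (pl->len >= MAX_PENDING) return -1;
    pl->items[pl->len++] = ch;
    return 0;
}

/* Hardened: per-channel state makes the add idempotent. */
static int pending_add_once(pending_list_t *pl, channel_t *ch) {
    if (ch->in_pending) return 0;          /* already queued: no-op */
    if (pl->len >= MAX_PENDING) return -1;
    pl->items[pl->len++] = ch;
    ch->in_pending = 1;
    return 0;
}

/* Assumed teardown: drops the first entry only, as code that expects
 * at most one entry per channel would. */
static void pending_remove_first(pending_list_t *pl, channel_t *ch) {
    for (size_t i = 0; i < pl->len; i++) {
        if (pl->items[i] == ch) {
            pl->items[i] = pl->items[--pl->len];  /* swap-remove */
            ch->in_pending = 0;
            return;
        }
    }
}

/* Entries still pointing at ch. Nonzero after teardown means the list
 * would hold a dangling pointer once ch is freed. */
static size_t pending_refs(const pending_list_t *pl, const channel_t *ch) {
    size_t n = 0;
    for (size_t i = 0; i < pl->len; i++)
        if (pl->items[i] == ch) n++;
    return n;
}

/* Queue one channel twice, tear it down once, count leftover references. */
size_t stale_after_teardown(int hardened) {
    pending_list_t pl = { {0}, 0 };
    channel_t ch = { 1, 0 };               /* constructed sample channel */
    for (int i = 0; i < 2; i++)
        (void)(hardened ? pending_add_once(&pl, &ch) : pending_add_unchecked(&pl, &ch));
    pending_remove_first(&pl, &ch);
    return pending_refs(&pl, &ch);
}
```

The model never frees or dereferences the channel, so it only counts the references that would dangle: one with the unchecked add, none with the idempotent add.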