Bug ID 1083846
Summary VUL-0: CVE-2018-0491: tor: use-after-free in KIST scheduler remote relay DoS
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.3
Hardware Other
URL https://smash.suse.de/issue/201159/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee astieger@suse.com
Reporter astieger@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker --- 

From https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html

TROVE-2018-002 affects relays running all 0.3.2.x, versions, as well
as 0.3.3.1-alpha. (Because we have found that it can be remotely
triggered, we are backporting it and upgrading its severity.)  It is a
use-after-free bug in the KIST scheduler code, which an attacker can
use to cause a relay to crash.  Use-after-free bugs can sometimes be
turned into worse attacks: we strongly recommend that all relays
running 0.3.2.x (or 0.3.3.1-alpha) should upgrade to one of the
versions released today.  This issue does not affect other versions,
and does not affect clients.

  Relays running 0.3.2.x SHOULD upgrade to one of the versions released
  today, for the fix to TROVE-2018-002.


  o Major bugfixes (scheduler, KIST, denial-of-service, backport from
0.3.3.2-alpha):
    - Avoid adding the same channel twice in the KIST scheduler pending
      list, which could lead to remote denial-of-service use-after-free
      attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.

References:
https://trac.torproject.org/projects/tor/ticket/24700
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0491

You are receiving this mail because: