Bug ID | 1083846 |
---|---|
Summary | VUL-0: CVE-2018-0491: tor: use-after-free in KIST scheduler remote relay DoS |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.3 |
Hardware | Other |
URL | https://smash.suse.de/issue/201159/ |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | astieger@suse.com |
Reporter | astieger@suse.com |
QA Contact | security-team@suse.de |
Found By | Security Response Team |
Blocker | --- |

From https://lists.torproject.org/pipermail/tor-announce/2018-March/000152.html

TROVE-2018-002 affects relays running all 0.3.2.x versions, as well as 0.3.3.1-alpha. (Because we have found that it can be remotely triggered, we are backporting it and upgrading its severity.) It is a use-after-free bug in the KIST scheduler code, which an attacker can use to cause a relay to crash. Use-after-free bugs can sometimes be turned into worse attacks: we strongly recommend that all relays running 0.3.2.x (or 0.3.3.1-alpha) should upgrade to one of the versions released today. This issue does not affect other versions, and does not affect clients.

Relays running 0.3.2.x SHOULD upgrade to one of the versions released today, for the fix to TROVE-2018-002.

o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
  - Avoid adding the same channel twice in the KIST scheduler pending list, which could lead to remote denial-of-service use-after-free attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.

References:

https://trac.torproject.org/projects/tor/ticket/24700

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0491