https://bugzilla.novell.com/show_bug.cgi?id=780620 https://bugzilla.novell.com/show_bug.cgi?id=780620#c0 Summary: tor CVE-2012-4419 update to 0.2.2.39 fixes two opportunities for remotely triggerable assertions Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20100101 Firefox/15.0 https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes Changes in version 0.2.2.39 - 2012-09-11 Tor 0.2.2.39 fixes two more opportunities for remotely triggerable assertions. o Security fixes: - Fix an assertion failure in tor_timegm() that could be triggered by a badly formatted directory object. Bug found by fuzzing with Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc. - Do not crash when comparing an address with port value 0 to an address policy. This bug could have been used to cause a remote assertion failure by or against directory authorities, or to allow some applications to crash clients. Fixes bug 6690; bugfix on 0.2.1.10-alpha.
From http://seclists.org/oss-sec/2012/q3/454 CVE-2012-4419
Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.