[Bug 776642] New: update to Tor to fix potential remote crashes and information disclosure
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c0 Summary: update to Tor to fix potential remote crashes and information disclosure Classification: openSUSE Product: openSUSE 12.2 Version: RC 2 Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: Andreas.Stieger@gmx.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1 https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html Tor 0.2.2.38 fixes a rare race condition that can crash exit relays; fixes a remotely triggerable crash bug; and fixes a timing attack that could in theory leak path information. https://www.torproject.org/download/download Changes in version 0.2.2.38 - 2012-08-12 o Security fixes: - Avoid read-from-freed-memory and double-free bugs that could occur when a DNS request fails while launching it. Fixes bug 6480; bugfix on 0.2.0.1-alpha. - Avoid an uninitialized memory read when reading a vote or consensus document that has an unrecognized flavor name. This read could lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha. - Try to leak less information about what relays a client is choosing to a side-channel attacker. Previously, a Tor client would stop iterating through the list of available relays as soon as it had chosen one, thus finishing a little earlier when it picked a router earlier in the list. If an attacker can recover this timing information (nontrivial but not proven to be impossible), they could learn some coarse-grained information about which relays a client was picking (middle nodes in particular are likelier to be affected than exits). The timing attack might be mitigated by other factors (see bug 6537 for some discussion), but it's best not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c1 --- Comment #1 from Andreas Stieger <Andreas.Stieger@gmx.de> 2012-08-20 19:25:06 UTC --- https://build.opensuse.org/request/show/131248 https://build.opensuse.org/request/show/131250 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c kk zhang <kkzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kkzhang@suse.com AssignedTo|bnc-team-screening@forge.pr |bili@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c2 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com, | |security-team@suse.de --- Comment #2 from Marcus Meissner <meissner@suse.com> 2012-08-21 06:54:46 UTC --- does this issue have been assigned CVE ids already? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c3 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|update to Tor to fix |VUL-0: tor: update to Tor |potential remote crashes |to fix potential remote |and information disclosure |crashes and information | |disclosure --- Comment #3 from Marcus Meissner <meissner@suse.com> 2012-08-21 15:35:56 UTC --- On 08/21/2012 04:10 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,
Tor upstream has recently released v0.2.2.38 version, correcting three security flaws:
1) tor: Read from freed memory and double free by processing failed DNS request Upstream ticket: [1] https://trac.torproject.org/projects/tor/ticket/6480
Relevant patch: [2] https://gitweb.torproject.org/tor.git/commitdiff/62637fa22405278758febb1743d...
References: [3] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[4] https://bugzilla.novell.com/show_bug.cgi?id=776642
Please use CVE-2012-3517 for this issue.
2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name Upstream ticket: [6] https://trac.torproject.org/projects/tor/ticket/6530
Relevant patches: [7] https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac7096...
[8] https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc1...
References: [9] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[10] https://bugzilla.novell.com/show_bug.cgi?id=776642
Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).
Please use CVE-2012-3518 for this issue.
3) tor: Client's relays path information leak Upstream ticket: [11] https://trac.torproject.org/projects/tor/ticket/6537
Relevant patches: [12] https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269...
[13] https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc...
References: [14] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[15] https://bugzilla.novell.com/show_bug.cgi?id=776642
Note: No Red Hat bug (same as in case 2,).
Please use CVE-2012-3519 for this issue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c4 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bili@suse.com |Andreas.Stieger@gmx.de --- Comment #4 from Marcus Meissner <meissner@suse.com> 2012-08-21 15:36:47 UTC --- obs maintainer seems to be andreas -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c5 Andreas Stieger <Andreas.Stieger@gmx.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|Andreas.Stieger@gmx.de |security-team@suse.de --- Comment #5 from Andreas Stieger <Andreas.Stieger@gmx.de> 2012-08-21 16:08:57 UTC --- Requests with CVEs: SR network/tor to openSUSE:Factory/tor: https://build.opensuse.org/request/show/131304 MR for openSUSE 12.2: https://build.opensuse.org/request/show/131306 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c6 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium --- Comment #6 from Swamp Workflow Management <swamp@suse.de> 2012-08-21 22:00:14 UTC --- bugbot adjusting priority -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:814:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c7 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #7 from Marcus Meissner <meissner@suse.com> 2012-08-30 12:04:40 UTC --- released, thanks! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776642 https://bugzilla.novell.com/show_bug.cgi?id=776642#c8 --- Comment #8 from Swamp Workflow Management <swamp@suse.de> 2012-08-30 12:08:55 UTC --- openSUSE-SU-2012:1068-1: An update that fixes three vulnerabilities is now available. Category: security (moderate) Bug References: 776642 CVE References: CVE-2012-3517,CVE-2012-3518,CVE-2012-3519 Sources used: openSUSE 12.2 (src): tor-0.2.2.38-3.4.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=776642 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:814:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com