Package        : tor
Version        : 0.2.4.27-1~deb6u1
CVE ID         : CVE-2015-2928 CVE-2015-2929

Several hidden service related denial-of-service issues have been discovered in Tor, a connection-based low-latency anonymous communication system.
o "disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible. [CVE-2015-2928]
o "DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors. [CVE-2015-2929]
o Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points no longer allow multiple such cells on the same circuit.
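
The per-circuit restriction described in the last item, modelled as an added example; it is not Tor's source code and not part of the advisory. The struct, the function names and the choice to close the circuit on a repeated cell are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical per-circuit state kept by an introduction point. */
struct intro_circuit {
    bool seen_introduce1; /* set once the first INTRODUCE1 has been relayed */
    bool closed;          /* set when the circuit is torn down */
};

enum intro_result { INTRO_RELAYED, INTRO_REJECTED };

/* Handle one INTRODUCE1 cell arriving on circ. Only the first cell on a
 * circuit is relayed to the hidden service. A repeated cell is rejected and,
 * as an assumption of this model, the circuit is closed. */
enum intro_result handle_introduce1(struct intro_circuit *circ,
                                    unsigned *relayed_to_service)
{
    if (circ->closed)
        return INTRO_REJECTED;
    if (circ->seen_introduce1) {
        circ->closed = true;
        return INTRO_REJECTED;
    }
    circ->seen_introduce1 = true;
    (*relayed_to_service)++;
    return INTRO_RELAYED;
}

/* Send `cells` INTRODUCE1 cells on a single fresh circuit and return how
 * many introductions actually reach the hidden service. */
unsigned introductions_from_one_circuit(unsigned cells)
{
    struct intro_circuit circ = { false, false };
    unsigned relayed = 0;
    for (unsigned i = 0; i < cells; i++)
        handle_introduce1(&circ, &relayed);
    return relayed;
}

int main(void)
{
    /* With the restriction in place, every further introduction needs a
     * newly built circuit instead of one more cell on an existing one. */
    printf("100 cells on one circuit -> %u introduction(s) relayed\n",
           introductions_from_one_circuit(100));
    return 0;
}
```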