[SECURITY] [DLA 982-1] tor security update

2017-06-1012:06:33

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

72.9%

JSON

Package : tor
Version : 0.2.4.29-1
CVE ID : CVE-2017-0376
Debian Bug : 864424

It has been discovered that Tor, a connection-based low-latency
anonymous communication system, contains a flaw in the hidden service
code. A remote attacker can take advantage of this flaw to cause a
hidden service to crash with an assertion failure (TROVE-2017-005).

For Debian 7 "Wheezy", this problem has been fixed in version
0.2.4.29-1.

We recommend that you upgrade your tor packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9i386tor< 0.2.9.11-1~deb9u1tor_0.2.9.11-1~deb9u1_i386.deb
Debian8armhftor< 0.2.5.14-1tor_0.2.5.14-1_armhf.deb
Debian8powerpctor< 0.2.5.14-1tor_0.2.5.14-1_powerpc.deb
Debian7amd64tor-dbg< 0.2.4.29-1tor-dbg_0.2.4.29-1_amd64.deb
Debian9amd64tor< 0.2.9.11-1~deb9u1tor_0.2.9.11-1~deb9u1_amd64.deb
Debian7armeltor-dbg< 0.2.4.29-1tor-dbg_0.2.4.29-1_armel.deb
Debian9arm64tor< 0.2.9.11-1~deb9u1tor_0.2.9.11-1~deb9u1_arm64.deb
Debian8armeltor-dbg< 0.2.5.14-1tor-dbg_0.2.5.14-1_armel.deb
Debian7armhftor< 0.2.4.29-1tor_0.2.4.29-1_armhf.deb
Debian9arm64tor-dbg< 0.2.9.11-1~deb9u1tor-dbg_0.2.9.11-1~deb9u1_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	tor	< 0.2.9.11-1~deb9u1	tor_0.2.9.11-1~deb9u1_i386.deb
Debian	8	armhf	tor	< 0.2.5.14-1	tor_0.2.5.14-1_armhf.deb
Debian	8	powerpc	tor	< 0.2.5.14-1	tor_0.2.5.14-1_powerpc.deb
Debian	7	amd64	tor-dbg	< 0.2.4.29-1	tor-dbg_0.2.4.29-1_amd64.deb
Debian	9	amd64	tor	< 0.2.9.11-1~deb9u1	tor_0.2.9.11-1~deb9u1_amd64.deb
Debian	7	armel	tor-dbg	< 0.2.4.29-1	tor-dbg_0.2.4.29-1_armel.deb
Debian	9	arm64	tor	< 0.2.9.11-1~deb9u1	tor_0.2.9.11-1~deb9u1_arm64.deb
Debian	8	armel	tor-dbg	< 0.2.5.14-1	tor-dbg_0.2.5.14-1_armel.deb
Debian	7	armhf	tor	< 0.2.4.29-1	tor_0.2.4.29-1_armhf.deb
Debian	9	arm64	tor-dbg	< 0.2.9.11-1~deb9u1	tor-dbg_0.2.9.11-1~deb9u1_arm64.deb