tor -- several vulnerabilities

2012-09-13T00:00:00
ID DSA-2548
Type debian
Reporter Debian
Modified 2012-09-13T00:00:00

Description

Several vulnerabilities have been discovered in Tor, an online privacy tool.

Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service.

Try to leak less information about what relays a client is choosing to a side-channel attacker.

By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down.

Additionally the update to stable includes the following fixes: when waiting for a client to renegotiate, don't allow it to add any bytes to the input buffer. This fixes a potential DoS issue [tor-5934, tor-6007].

For the stable distribution (squeeze), these problems have been fixed in version 0.2.2.39-1.

For the unstable distribution, these problems have been fixed in version 0.2.3.22-rc-1.

We recommend that you upgrade your tor packages.