LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

tor: multiple vulnerabilities

Package(s):tor CVE #(s):CVE-2012-3517 CVE-2012-3518 CVE-2012-3519
Created:August 30, 2012 Updated:February 4, 2013
Description: From the CVE entries:

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. (CVE-2012-3517)

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. (CVE-2012-3518)

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. (CVE-2012-3519)

Alerts:
openSUSE openSUSE-SU-2012:1068-1 2012-08-30
Debian DSA-2548-1 2012-09-13
Mageia MGASA-2012-0276 2012-09-30
Gentoo 201301-03 2013-01-08
Fedora FEDORA-2012-14650 2013-02-03
Mandriva MDVSA-2013:132 2013-04-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds