tor: multiple vulnerabilities

Package(s): tor
CVE #(s): CVE-2012-3517 CVE-2012-3518 CVE-2012-3519
Created: August 30, 2012
Updated: February 4, 2013
Description: From the CVE entries:

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests. (CVE-2012-3517)

The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document. (CVE-2012-3518)

routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack. (CVE-2012-3519)

Alerts:
openSUSE openSUSE-SU-2012:1068-1 2012-08-30
Debian DSA-2548-1 2012-09-13
Mageia MGASA-2012-0276 2012-09-30
Gentoo 201301-03 2013-01-08
Fedora FEDORA-2012-14650 2013-02-03
Mandriva MDVSA-2013:132 2013-04-10

Copyright © 2013, Eklektix, Inc.