tor: multiple vulnerabilities
| Package(s): | tor | CVE #(s): | CVE-2008-5397 CVE-2008-5398 CVE-2009-0414 CVE-2009-0939 CVE-2009-0936 CVE-2009-0937 CVE-2009-0938 | ||||
| Created: | April 9, 2009 | Updated: | April 15, 2009 | ||||
| Description: | Tor has a number of vulnerabilities. From the Gentoo alert:
* Theo de Raadt reported that the application does not properly drop privileges to the primary groups of the user specified via the "User" configuration option (CVE-2008-5397). * rovv reported that the "ClientDNSRejectInternalAddresses" configuration option is not always enforced (CVE-2008-5398). * Ilja van Sprundel reported a heap-corruption vulnerability that might be remotely triggerable on some platforms (CVE-2009-0414). * It has been reported that incomplete IPv4 addresses are treated as valid, violating the specification (CVE-2009-0939). * Three unspecified vulnerabilities have also been reported (CVE-2009-0936, CVE-2009-0937, CVE-2009-0938). | ||||||
| Alerts: |
| ||||||