[SECURITY] [DLA 187-1] tor security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package : tor
Version : 0.2.4.27-1~deb6u1
CVE ID : CVE-2015-2928 CVE-2015-2929
Several hidden service related denial-of-service issues have been
discovered in Tor, a connection-based low-latency anonymous
communication system.
o "disgleirio" discovered that a malicious client could trigger an
assertion failure in a Tor instance providing a hidden service, thus
rendering the service inaccessible.
[CVE-2015-2928]
o "DonnchaC" discovered that Tor clients would crash with an assertion
failure upon parsing specially crafted hidden service descriptors.
[CVE-2015-2929]
o Introduction points would accept multiple INTRODUCE1 cells on one
circuit, making it inexpensive for an attacker to overload a hidden
service with introductions. Introduction points no longer allow
multiple such cells on the same circuit.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVIvPbAAoJEIYCyCA4cjMflHAH/RV9MCaznFJ8mu5ykIyaRc25
hA2flHAWUY5FAUCeWw/7en/R0eXC+kv9dpAzklfWGEmbBEhNC3pPS3qtZ+WK5fK2
B4OQt8vQo0MQ64lMLYHxSOfTfB6o1uKktMP98dZz1FiQWPyHRIBMubWmcP9UBpHT
LUrq5lb8Y9K14VfTyNcPb+EKUt06qWzWdJ1in9UgKt3tmRyvSLCZ4yTylclyemdI
/g18QRJpPqGWT+UuQfjw2KuDttRV7slhv9RqM4A3sYkjT4R7JhcBHoGvnHZ7YCgr
Tm1mECCTcekFrjAtH67bOn7Mchs+3J00azEBLhaH+ZKvsQ0w6JPitTrrOvAK/nI=
=1mbj
-----END PGP SIGNATURE-----
Reply to: