[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 187-1] tor security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : tor
Version        : 0.2.4.27-1~deb6u1
CVE ID         : CVE-2015-2928 CVE-2015-2929

Several hidden service related denial-of-service issues have been
discovered in Tor, a connection-based low-latency anonymous
communication system.

o "disgleirio" discovered that a malicious client could trigger an
  assertion failure in a Tor instance providing a hidden service, thus
  rendering the service inaccessible.
  [CVE-2015-2928]

o "DonnchaC" discovered that Tor clients would crash with an assertion
  failure upon parsing specially crafted hidden service descriptors.
  [CVE-2015-2929]

o Introduction points would accept multiple INTRODUCE1 cells on one
  circuit, making it inexpensive for an attacker to overload a hidden
  service with introductions.  Introduction points no longer allow
  multiple such cells on the same circuit.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVIvPbAAoJEIYCyCA4cjMflHAH/RV9MCaznFJ8mu5ykIyaRc25
hA2flHAWUY5FAUCeWw/7en/R0eXC+kv9dpAzklfWGEmbBEhNC3pPS3qtZ+WK5fK2
B4OQt8vQo0MQ64lMLYHxSOfTfB6o1uKktMP98dZz1FiQWPyHRIBMubWmcP9UBpHT
LUrq5lb8Y9K14VfTyNcPb+EKUt06qWzWdJ1in9UgKt3tmRyvSLCZ4yTylclyemdI
/g18QRJpPqGWT+UuQfjw2KuDttRV7slhv9RqM4A3sYkjT4R7JhcBHoGvnHZ7YCgr
Tm1mECCTcekFrjAtH67bOn7Mchs+3J00azEBLhaH+ZKvsQ0w6JPitTrrOvAK/nI=
=1mbj
-----END PGP SIGNATURE-----


Reply to: