Debian Security Advisory
DSA-2548-1 tor -- several vulnerabilities
- Date Reported:
- 13 Sep 2012
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2012-3518, CVE-2012-3519, CVE-2012-4419.
- More information:
Several vulnerabilities have been discovered in Tor, an online privacy tool.
Avoid an uninitialised memory read when reading a vote or consensus document that has an unrecognized flavour name. This could lead to a remote crash, resulting in denial of service.
Try to leak less information about what relays a client is choosing to a side-channel attacker.
By providing specially crafted date strings to a victim tor instance, an attacker can cause it to run into an assertion and shut down.
Additionally the update to stable includes the following fixes: when waiting for a client to renegotiate, don't allow it to add any bytes to the input buffer. This fixes a potential DoS issue [tor-5934, tor-6007].
For the stable distribution (squeeze), these problems have been fixed in version 0.2.2.39-1.
For the unstable distribution, these problems have been fixed in version 0.2.3.22-rc-1.
We recommend that you upgrade your tor packages.