Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Aug 2012 06:10:11 -0400 (EDT)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- Tor 0.2.2.38: Three issues

Hello Kurt, Steve, vendors,

  Tor upstream has recently released v0.2.2.38 version, correcting three
security flaws:

1) tor: Read from freed memory and double free by processing failed DNS request
   Upstream ticket:
   [1] https://trac.torproject.org/projects/tor/ticket/6480

   Relevant patch:
   [2] https://gitweb.torproject.org/tor.git/commitdiff/62637fa22405278758febb1743da9af562524d4c

   References:
   [3] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
   [4] https://bugzilla.novell.com/show_bug.cgi?id=776642
   [5] https://bugzilla.redhat.com/show_bug.cgi?id=849949

2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name
   Upstream ticket:
   [6] https://trac.torproject.org/projects/tor/ticket/6530

   Relevant patches:
   [7] https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f
   [8] https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546

   References:
   [9] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
   [10] https://bugzilla.novell.com/show_bug.cgi?id=776642
   Note: No Red Hat bug (Fedora tor versions already updated && EPEL one not affected).

3) tor: Client's relays path information leak
   Upstream ticket:
   [11] https://trac.torproject.org/projects/tor/ticket/6537

   Relevant patches:
   [12] https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269ad1fbfb00dc9a
   [13] https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc57cdddab45d5b

   References:
   [14] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
   [15] https://bugzilla.novell.com/show_bug.cgi?id=776642
   Note: No Red Hat bug (same as in case 2,).

Could you allocate a CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.