Bug 1209804 (CVE-2015-2928, CVE-2015-2929)

Summary: CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases
Product: [Other] Security Response Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: pfrields, pwouters, s
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tor 0.2.6.7, tor 0.2.5.12, tor 0.2.4.27 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-03 14:32:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1209805, 1209806    
Bug Blocks:    

Description Vasyl Kaigorodov 2015-04-08 09:10:27 UTC 
2 security issues were fixed in new upstream release of Tor.
From the https://blog.torproject.org/blog/tor-02512-and-0267-are-released:

- Fix an issue that would allow a malicious client to trigger an
  assertion failure and halt a hidden service. Fixes bug 15600;
  bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
  https://trac.torproject.org/projects/tor/ticket/15600
This was assigned CVE-2015-2928.

- Fix a bug that could cause a client to crash with an assertion
  failure when parsing a malformed hidden service descriptor. Fixes
  bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
  https://trac.torproject.org/projects/tor/ticket/15601
This was assigned CVE-2015-2929.
Comment 1 Vasyl Kaigorodov 2015-04-08 09:10:53 UTC 
Created tor tracking bugs for this issue:

Affects: fedora-all [bug 1209805]
Affects: epel-all [bug 1209806]
Comment 2 Fedora Update System 2015-04-18 09:41:10 UTC 
tor-0.2.5.12-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Fedora Update System 2015-04-18 09:48:50 UTC 
tor-0.2.5.12-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2015-04-21 18:39:41 UTC 
tor-0.2.5.12-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2015-04-28 19:15:12 UTC 
tor-0.2.4.27-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2015-04-28 19:15:30 UTC 
tor-0.2.5.12-1.el7 has been pushed to the Fedora EPEL 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2015-04-28 19:15:48 UTC 
tor-0.2.5.12-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.