Bug 1467727 (CVE-2017-0377)

Summary: CVE-2017-0377 tor: improper implementation of guard-selection algorithm could weaken anonymity
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: lewk, mh+fedora, mh, pwouters, s
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-20 11:36:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1467728, 1467729    
Bug Blocks:    

Description Pedro Sampaio 2017-07-04 21:39:29 UTC 
Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only
considers the exit relay (not the exit relay's family), which might
allow remote attackers to defeat intended anonymity properties by
leveraging the existence of large families.

Upstream bug:

https://trac.torproject.org/projects/tor/ticket/22753

Upstream patch:

https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350

References:

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
Comment 1 Pedro Sampaio 2017-07-04 21:39:52 UTC 
Created tor tracking bugs for this issue:

Affects: epel-all [bug 1467728]
Affects: fedora-all [bug 1467729]
Comment 2 Marcel Haerry 2017-07-26 09:10:26 UTC 
Only 0.3.0.x or 0.3.1.x versions were affected by this CVE. Fedora nor EPEL currently ship a Version > 0.2.9.10, which means nobody was affected and this could be closed.