Bug 770017 (CVE-2011-4896)

Summary: CVE-2011-4896 Tor Bridge information disclosure
Product: [Other] Security Response
Reporter: Kurt Seifried <kseifried>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Version: unspecified
CC: extras-orphan, lmacken, rh-bugzilla
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-03-26 15:07:43 UTC
Bug Depends On: 771512, 771513
Bug Blocks: 885973

Description Kurt Seifried 2011-12-23 02:45:45 UTC
https://blog.torproject.org/blog/tor-02224-alpha-out

Tor before 0.2.2.24-alpha continues to use a reachable bridge that was
previously configured but is not currently configured, which might
allow remote attackers to obtain sensitive information about clients
in opportunistic circumstances by monitoring network traffic to the
bridge port.

Comment 1 Vincent Danen 2012-01-03 22:59:31 UTC
Created tor tracking bugs for this issue

Affects: fedora-all [bug 771512]
Affects: epel-all [bug 771513]

Comment 2 Vincent Danen 2013-03-26 15:07:43 UTC
Current EPEL and Fedora provide 0.2.3.25 which includes this fix.