Bug 849949 (CVE-2012-3517, CVE-2012-3518, CVE-2012-3519)
| Summary: | CVE-2012-3517 tor: Read from freed memory and double free by processing failed DNS request | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | extras-orphan, lmacken, pwouters, rh-bugzilla |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | tor 0.2.2.38 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-05-31 03:08:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 849952 | ||
| Bug Blocks: | |||
|
Description
Jan Lieskovsky
2012-08-21 10:00:45 UTC
This issue affects the version of the tor package, as shipped with Fedora EPEL 5. Please schedule an update. -- Tor package versions, shipped in Fedora 16 and Fedora 17 got already updated to upstream 0.2.2.38 version. Created tor tracking bugs for this issue Affects: epel-5 [bug 849952] For the other two issues corrected within 0.2.2.38 version: https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html 2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name --------------------------------------------------------------------------- Upstream ticket: [5] https://trac.torproject.org/projects/tor/ticket/6530 Relevant patches: [6] https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f [7] https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546 References: [8] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html [9] https://bugzilla.novell.com/show_bug.cgi?id=776642 and 3) tor: Client's relays path information leak --------------------------------------------- Upstream ticket: [10] https://trac.torproject.org/projects/tor/ticket/6537 Relevant patches: [11] https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269ad1fbfb00dc9a [12] https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc57cdddab45d5b References: [13] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html [14] https://bugzilla.novell.com/show_bug.cgi?id=776642 Relevant patches are not applicable to the source code base for tor package version, as shipped with Fedora EPEL 5 yet (it is not affected by 2) and 3) flaws). The 2) and 3) flaws are also already corrected in Fedora 16 and Fedora 17 tor package versions. Added additional CVEs http://www.openwall.com/lists/oss-security/2012/08/21/6 tor-0.2.2.39-1800.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. tor-0.2.2.39-1700.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |