It was found that there is an issue with parsing that could ause clients to read a single byte past the end of an allocated region. This bug could be used to cause hardened clients (built with --enable-expensive-hardening) to crash if they tried to visit a hostile hidden service. Non-hardened clients are only affected depending on the details of their platform's memory allocator. External References: https://lists.torproject.org/pipermail/tor-announce/2016-December/000122.html Upstream patch: https://gitweb.torproject.org/tor.git/commit/?id=d978216dea6b21ac38230a59d172139185a68dbd
Created tor tracking bugs for this issue: Affects: fedora-all [bug 1406316] Affects: epel-all [bug 1406317]