An integer overflow vulnerability was found in Tor. The application could crash while comparing malformed Tor versions when built with --enable-expensive-hardening. Upstream bug: https://trac.torproject.org/projects/tor/ticket/21278 Upstream patches: https://gitweb.torproject.org/tor.git/commit/?id=a0ef3cf0880e3cd343977b3fcbd0a2e7572f0cb4 https://gitweb.torproject.org/tor.git/commit/?id=194e31057fbf07d6bdf4b62d26e1a9db334e5f1c Related: https://gitweb.torproject.org/tor.git/commit/?id=1afc2ed956a35b40dfd1d207652af5b50c295da7 Extra fix: https://gitweb.torproject.org/tor.git/commit/?id=02e05bd74dbec614397b696cfcda6525562a4675
Created tor tracking bugs for this issue: Affects: epel-5 [bug 1428873] Affects: epel-6 [bug 1428874] Affects: epel-7 [bug 1428875] Affects: fedora-all [bug 1428876]