Red Hat Bugzilla – Bug 485439
tor: multiple security fixes
Last modified: 2009-02-13 11:08:41 EST
A number of security issues were found in tor. The following is taken from
their announcements mailing list:
Changes in version 0.2.0.34 - 2009-02-08
o Security fixes:
- Fix an infinite-loop bug on handling corrupt votes under certain
circumstances. Bugfix on 0.2.0.8-alpha.
- Fix a temporary DoS vulnerability that could be performed by
a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
- Avoid a potential crash on exit nodes when processing malformed
input. Remote DoS opportunity. Bugfix on 0.2.0.33.
- Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
Spec conformance issue. Bugfix on Tor 0.0.2pre27.
*** This bug has been marked as a duplicate of bug 485021 ***