A read from already freed memory and double free flaws were found in the way Tor, a connection-based low-latency anonymous communication system, performed processing of certain failing DNS requests. A remote attacker could issue a specially-crafted DNS request that, when processed would lead to tor executable crash. Upstream ticket: [1] https://trac.torproject.org/projects/tor/ticket/6480 Relevant patch: [2] https://gitweb.torproject.org/tor.git/commitdiff/62637fa22405278758febb1743da9af562524d4c References: [3] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html [4] https://bugzilla.novell.com/show_bug.cgi?id=776642
This issue affects the version of the tor package, as shipped with Fedora EPEL 5. Please schedule an update. -- Tor package versions, shipped in Fedora 16 and Fedora 17 got already updated to upstream 0.2.2.38 version.
Created tor tracking bugs for this issue Affects: epel-5 [bug 849952]
For the other two issues corrected within 0.2.2.38 version: https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html 2) tor: Unitialized memory read by reading vote or consensus document with unrecognized flavor name --------------------------------------------------------------------------- Upstream ticket: [5] https://trac.torproject.org/projects/tor/ticket/6530 Relevant patches: [6] https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f [7] https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546 References: [8] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html [9] https://bugzilla.novell.com/show_bug.cgi?id=776642 and 3) tor: Client's relays path information leak --------------------------------------------- Upstream ticket: [10] https://trac.torproject.org/projects/tor/ticket/6537 Relevant patches: [11] https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269ad1fbfb00dc9a [12] https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc57cdddab45d5b References: [13] https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html [14] https://bugzilla.novell.com/show_bug.cgi?id=776642 Relevant patches are not applicable to the source code base for tor package version, as shipped with Fedora EPEL 5 yet (it is not affected by 2) and 3) flaws). The 2) and 3) flaws are also already corrected in Fedora 16 and Fedora 17 tor package versions.
CVE request: http://www.openwall.com/lists/oss-security/2012/08/21/3
Assigned CVE-2012-3517 http://www.openwall.com/lists/oss-security/2012/08/21/6
Added additional CVEs http://www.openwall.com/lists/oss-security/2012/08/21/6
tor-0.2.2.39-1800.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
tor-0.2.2.39-1700.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.