It was reported [1],[2] that Tor suffered from a denial of service vulnerability due to an error when handling SENDME cells. This could be exploited to cause excessive consumption of memory resources within an entry node. This is fixed in upstream version 0.2.3.25 (git [3]). [1] https://secunia.com/advisories/51329/ [2] https://trac.torproject.org/projects/tor/ticket/6252 [3] https://gitweb.torproject.org/arma/tor.git/commitdiff/b9b54568c0bb64c32bd0b362954bdbc8c1234b16
Created tor tracking bugs for this issue Affects: fedora-all [bug 880313] Affects: epel-5 [bug 880314]
This was assigned CVE-2012-5573: http://www.openwall.com/lists/oss-security/2012/11/26/11
tor-0.2.3.25-1802.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
tor-0.2.3.25-1702.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.