Quoting tor 0.2.0.34 release announcement: Security fixes: * Fix an infinite-loop bug on handling corrupt votes under certain circumstances. Bugfix on 0.2.0.8-alpha. * Fix a temporary DoS vulnerability that could be performed by a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark. * Avoid a potential crash on exit nodes when processing malformed input. Remote DoS opportunity. Bugfix on 0.2.0.33. * Do not accept incomplete ipv4 addresses (like 192.168.0) as valid. Spec conformance issue. Bugfix on Tor 0.0.2pre27. https://blog.torproject.org/blog/tor-0.2.0.34-stable-released http://archives.seul.org/or/announce/Feb-2009/msg00000.html
*** Bug 485439 has been marked as a duplicate of this bug. ***
*** Bug 485441 has been marked as a duplicate of this bug. ***
*** Bug 485442 has been marked as a duplicate of this bug. ***
CVE-2009-0936: Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes." CVE-2009-0937: Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors. CVE-2009-0938: Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input." CVE-2009-0939: Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.
All current versions of Fedora hae tor 0.2.0.35 or higher so this does not affect Fedora.