Tor 0.2.1.29 fixes a number of security flaws, as noted below: http://blog.torproject.org/blog/tor-02129-released-security-patches https://gitweb.torproject.org/tor.git/blob/refs/heads/release-0.2.2:/ChangeLog The specifics of the CVEs are as follows: * Name: CVE-2011-0015 * Reference: https://trac.torproject.org/projects/tor/ticket/2324 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor. * Name: CVE-2011-0016 * Reference: https://trac.torproject.org/projects/tor/ticket/2384 * Reference: https://trac.torproject.org/projects/tor/ticket/2385 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process. * Name: CVE-2011-0427 Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. * Name: CVE-2011-0490 * Reference: https://trac.torproject.org/projects/tor/ticket/2190 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages. * Name: CVE-2011-0491 * Reference: https://trac.torproject.org/projects/tor/ticket/2324 The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors." * Name: CVE-2011-0492 * Reference: https://trac.torproject.org/projects/tor/ticket/2326 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file. * Name: CVE-2011-0493 * Reference: https://trac.torproject.org/projects/tor/ticket/2352 Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.
Fedora currently has 0.2.1.29 in testing, so once those have hit stable, Fedora is taken care of. EPEL5 has quite an old version of tor (0.2.1.19) and is vulnerable to these flaws.
Created tor tracking bugs for this issue Affects: epel-5 [bug 671263]
F13 and F14 still doesn't contain 0.2.1.29. What is blocking 0.2.1.29? http://koji.fedoraproject.org/koji/buildinfo?buildID=214444 http://koji.fedoraproject.org/koji/buildinfo?buildID=214443 there also 0.2.1.30 packages: http://koji.fedoraproject.org/koji/buildinfo?buildID=234269 http://koji.fedoraproject.org/koji/buildinfo?buildID=234271
Please see bug #705192; we need to update to 0.2.1.30. Thanks.
fixed long time ago