CVE-2017-0375 The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. https://trac.torproject.org/projects/tor/ticket/22493 https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 CVE-2017-0376 The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. https://trac.torproject.org/projects/tor/ticket/22494 https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd References: https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html
Created tor tracking bugs for this issue: Affects: epel-all [bug 1461275] Affects: fedora-all [bug 1461276]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.