Bug 926097 (CVE-2015-2928) - VUL-0: CVE-2015-2928, CVE-2015-2929: tor: multiple denial-of-service vulnerabilities fixed in 0.2.6.7, 0.2.5.12 and 0.2.4.27
Summary: VUL-0: CVE-2015-2928, CVE-2015-2929: tor: multiple denial-of-service vulnerab...
Status: RESOLVED FIXED
Alias: CVE-2015-2928
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.2
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-06 18:52 UTC by Andreas Stieger
Modified: 2015-04-13 08:04 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-04-06 18:52:41 UTC 
via oss-sec http://seclists.org/oss-sec/2015/q2/55

New versions of tor were released (0.2.6.7, 0.2.5.12 and 0.2.4.27)
fixing denial of service vulnerabilities, the changelog for 0.2.6.7
lists the ones below. Could you assign CVE identifiers for those? (I
guess the first and second might deserve one? Not sure about the third
and last item):

    Changes in version 0.2.6.7 - 2015-04-06
      Tor 0.2.6.7 fixes two security issues that could be used by an
      attacker to crash hidden services, or crash clients visiting hidden
      services. Hidden services should upgrade as soon as possible; clients
      should upgrade whenever packages become available.

      This release also contains two simple improvements to make hidden
      services a bit less vulnerable to denial-of-service attacks.

      o Major bugfixes (security, hidden service):
        - Fix an issue that would allow a malicious client to trigger an
          assertion failure and halt a hidden service. Fixes bug 15600;
          bugfix on 0.2.1.6-alpha. Reported by "disgleirio".


https://trac.torproject.org/projects/tor/ticket/15600

        - Fix a bug that could cause a client to crash with an assertion
          failure when parsing a malformed hidden service descriptor. Fixes
          bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".


https://trac.torproject.org/projects/tor/ticket/15601


      o Minor features (DoS-resistance, hidden service):
        - Introduction points no longer allow multiple INTRODUCE1 cells to
          arrive on the same circuit. This should make it more expensive for
          attackers to overwhelm hidden services with introductions.
          Resolves ticket 15515.


https://trac.torproject.org/projects/tor/ticket/15515

        - Decrease the amount of reattempts that a hidden service performs
          when its rendezvous circuits fail. This reduces the computational
          cost for running a hidden service under heavy load. Resolves
          ticket 11447.


https://trac.torproject.org/projects/tor/ticket/11447
Comment 1 Andreas Stieger 2015-04-06 19:29:12 UTC 
openSUSE:Maintenance:3685
Comment 2 Bernhard Wiedemann 2015-04-06 20:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (926097) was mentioned in
https://build.opensuse.org/request/show/294665 Factory / tor
https://build.opensuse.org/request/show/294666 13.2+13.1 / tor
Comment 3 Bernhard Wiedemann 2015-04-06 22:00:06 UTC 
This is an autogenerated message for OBS integration:
This bug (926097) was mentioned in
https://build.opensuse.org/request/show/294673 Factory / tor
Comment 4 Andreas Stieger 2015-04-13 07:33:42 UTC 
released
Comment 5 Swamp Workflow Management 2015-04-13 08:04:55 UTC 
openSUSE-SU-2015:0712-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 926097
CVE References: CVE-2015-2928,CVE-2015-2929
Sources used:
openSUSE 13.2 (src):    tor-0.2.4.27-13.1
openSUSE 13.1 (src):    tor-0.2.4.27-5.30.1