Bugzilla – Bug 1005213
VUL-0: tor: specially crafted data may crash tor instances
Last modified: 2016-10-19 12:16:37 UTC
From https://lists.torproject.org/pipermail/tor-announce/2016-October/000115.html

> Tor 0.2.8.9 backports a fix for a security hole in previous versions
> of Tor that would allow a remote attacker to crash a Tor client,
> hidden service, relay, or authority. All Tor users should upgrade to
> this version, or to 0.2.9.4-alpha. Patches will be released for older
> versions of Tor.
>
>   o Major features (security fixes, also in 0.2.9.4-alpha):
>     - Prevent a class of security bugs caused by treating the contents
>       of a buffer chunk as if they were a NUL-terminated string. At
>       least one such bug seems to be present in all currently used
>       versions of Tor, and would allow an attacker to remotely crash
>       most Tor instances, especially those compiled with extra compiler
>       hardening. With this defense in place, such bugs can't crash Tor,
>       though we should still fix them as they occur. Closes ticket
>       20384 (TROVE-2016-10-001).

Remote DoS.

Source patches available for 0.2.4, 0.2.5, 0.2.6, 0.2.7
https://trac.torproject.org/projects/tor/ticket/20384
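An added illustration of the bug class named in the announcement (not Tor's code and not part of the original report): a length-delimited chunk, a search bounded by the data length, and a sentinel NUL kept one byte past the usable area so that a mistaken str*() call on a full chunk still stops inside the allocation. The `chunk_t` layout and all function names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk type for illustration; not Tor's own structure. */
typedef struct {
    size_t cap;     /* usable bytes in mem, excluding the sentinel */
    size_t datalen; /* bytes currently holding data */
    char  *mem;     /* cap + 1 bytes; mem[cap] is always '\0' */
} chunk_t;

/* Allocate cap usable bytes plus one sentinel NUL past the end. */
static int chunk_init(chunk_t *c, size_t cap) {
    c->mem = calloc(1, cap + 1);
    if (!c->mem) return -1;
    c->cap = cap;
    c->datalen = 0;
    c->mem[cap] = '\0';   /* explicit: the sentinel is never part of the data */
    return 0;
}

/* Append raw bytes; refuses anything that would reach the sentinel. */
static int chunk_append(chunk_t *c, const void *src, size_t n) {
    if (n > c->cap - c->datalen) return -1;
    memcpy(c->mem + c->datalen, src, n);
    c->datalen += n;
    return 0;
}

/* Bounded search: reads only the datalen bytes, never relies on a NUL.
 * Returns the offset of needle, or -1 if it is not present. */
static long chunk_find(const chunk_t *c, const char *needle, size_t nlen) {
    if (nlen == 0 || nlen > c->datalen) return -1;
    for (size_t i = 0; i + nlen <= c->datalen; i++)
        if (memcmp(c->mem + i, needle, nlen) == 0) return (long)i;
    return -1;
}

int main(void) {
    chunk_t c;
    if (chunk_init(&c, 8) != 0) return 1;
    chunk_append(&c, "ABCDEFGH", 8);          /* constructed: fills the chunk, no NUL */
    printf("bounded find: %ld\n", chunk_find(&c, "GH", 2));
    /* The buggy pattern (a str*() call on c.mem) stops at the sentinel here. */
    printf("strlen with sentinel: %zu\n", strlen(c.mem));
    free(c.mem);
    return 0;
}
```

The sentinel only limits the damage of a stray string call; the correct code path is the bounded search that uses the recorded length.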
bugbot adjusting priority
dup of 1005292

*** This bug has been marked as a duplicate of bug 1005292 ***
This is an autogenerated message for OBS integration: This bug (1005213) was mentioned in https://build.opensuse.org/request/show/436108 Factory / tor