Twenty Year Anniversary

Mandriva Linux Security Advisory 2013-132

Mandriva Linux Security Advisory 2013-132
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-132 - Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values. Various other vulnerabilities have been addressed.

tags | advisory, remote, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2768, CVE-2011-2769, CVE-2012-3517, CVE-2012-3518, CVE-2012-3519, CVE-2012-4419, CVE-2012-5573
MD5 | 36bbb2b4a1c6d9ca9c102f36b05c7c5d

Mandriva Linux Security Advisory 2013-132

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2013:132
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : tor
Date : April 10, 2013
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated tor package fixes security vulnerabilities:

Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS
certificate chain as part of an outgoing OR connection, which allows
remote relays to bypass intended anonymity properties by reading this
chain and then determining the set of entry guards that the client
or bridge had selected (CVE-2011-2768).

Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE
and CREATE_FAST values in the Command field of a cell within an OR
connection that it initiated, which allows remote relays to enumerate
bridges by using these values (CVE-2011-2769).

Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might
allow remote attackers to cause a denial of service (daemon crash)
via vectors related to failed DNS requests (CVE-2012-3517).

The networkstatus_parse_vote_from_string function in routerparse.c
in Tor before 0.2.2.38 does not properly handle an invalid flavor
name, which allows remote attackers to cause a denial of service
(out-of-bounds read and daemon crash) via a crafted (1) vote document
or (2) consensus document (CVE-2012-3518).

routerlist.c in Tor before 0.2.2.38 uses a different amount of time
for relay-list iteration depending on which relay is chosen, which
might allow remote attackers to obtain sensitive information about
relay selection via a timing side-channel attack (CVE-2012-3519).

The compare_tor_addr_to_addr_policy function in or/policies.c in
Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote
attackers to cause a denial of service (assertion failure and daemon
exit) via a zero-valued port field that is not properly handled during
policy comparison (CVE-2012-4419).

Tor before 0.2.2.39, when waiting for a client to renegotiate, allowed
it to add bytes to the input buffer, allowing a crash to be caused
remotely (tor-5934, tor-6007).

Denial of Service vulnerability in Tor before 0.2.3.25, due to an
error when handling SENDME cells and can be exploited to cause
excessive consumption of memory resources within an entry node
(SA51329, CVE-2012-5573).

The version of Tor shipped in MBS1 did not have correctly formed
systemd unit and thus failed to start.

This updated version corrects this problem and restores working
behaviour.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2769
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5573
https://wiki.mageia.org/en/Support/Advisories/MGAA-2012-0184
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0276
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0356
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
8cadc920e4452cd2a3551a3cb01d9fcf mbs1/x86_64/tor-0.2.2.39-1.mbs1.x86_64.rpm
7cbba7170bc4f9e6ee8409398437570c mbs1/SRPMS/tor-0.2.2.39-1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFRZVsDmqjQ0CJFipgRAm9IAJ9tYUVrI7u2V+7yJGNLn2OVMdOzcACgyrhf
PUIroe88x4NDpj7AUyd2YP8=
=x4YG
-----END PGP SIGNATURE-----


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

May 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    17 Files
  • 3
    May 3rd
    30 Files
  • 4
    May 4th
    29 Files
  • 5
    May 5th
    2 Files
  • 6
    May 6th
    3 Files
  • 7
    May 7th
    13 Files
  • 8
    May 8th
    27 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    15 Files
  • 11
    May 11th
    8 Files
  • 12
    May 12th
    2 Files
  • 13
    May 13th
    8 Files
  • 14
    May 14th
    7 Files
  • 15
    May 15th
    43 Files
  • 16
    May 16th
    19 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    15 Files
  • 19
    May 19th
    3 Files
  • 20
    May 20th
    6 Files
  • 21
    May 21st
    15 Files
  • 22
    May 22nd
    8 Files
  • 23
    May 23rd
    53 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close