Package "tor"
Name: tor
Description: anonymizing overlay network for TCP
Latest version: 0.2.4.27-1ubuntu0.1
Release: trusty (14.04)
Level: security
Repository: universe
Homepage: https://www.torproject.org/
Changelog
tor (0.2.4.27-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (client crash) via a crafted hidden service
    descriptor.
    - debian/patches/CVE-2016-1254.patch: Fix parsing bug with unrecognized
      token at EOS.
    - CVE-2016-1254
  * SECURITY UPDATE: DoS (crash) via crafted data.
    - debian/patches/CVE-2016-8860.patch: Protect against NUL-terminated
      inputs.
    - CVE-2016-8860
  * SECURITY UPDATE: DoS (assertion failure and daemon exit) via a BEGIN_DIR
    rendezvous circuit.
    - debian/patches/CVE-2017-0376.patch: Fix assertion failure.
    - CVE-2017-0376
  * SECURITY UPDATE: Replay-cache protection mechanism is ineffective for v2
    onion services.
    - debian/patches/CVE-2017-8819.patch: Fix length of replaycache-checked
      data.
    - CVE-2017-8819
  * SECURITY UPDATE: DoS (application hang) via a crafted PEM input.
    - debian/patches/CVE-2017-8821.patch: Avoid asking for passphrase on
      junky PEM input.
    - CVE-2017-8821
  * SECURITY UPDATE: Relays, that have incompletely downloaded
    descriptors, can pick themselves in a circuit path, leading to a
    degradation of anonymity
    - debian/patches/CVE-2017-8822.patch: Use local descriptor object to
      exclude self in path selection.
    - CVE-2017-8822

 -- Eduardo Barretto <email address hidden>  Fri, 23 Nov 2018 14:25:06 -0200
CVE-2016-1254
Tor before 0.2.8.12 might allow remote attackers to cause a denial of service (client crash) via a crafted hidden service descriptor.
CVE-2016-8860
Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the
CVE-2017-0376
The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_
CVE-2017-8819
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache
CVE-2017-8821
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can
CVE-2017-8822
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that hav
tor (0.2.4.27-1build0.14.04.1) trusty-security; urgency=medium

  * Synced from Debian as a security update