[ubuntu/trusty-updates] tor 0.2.4.27-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Nov 26 17:58:08 UTC 2018
tor (0.2.4.27-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (client crash) via a crafted hidden service
    descriptor.
    - debian/patches/CVE-2016-1254.patch: Fix parsing bug with unrecognized
      token at EOS.
    - CVE-2016-1254
  * SECURITY UPDATE: DoS (crash) via crafted data.
    - debian/patches/CVE-2016-8860.patch: Protect against NUL-terminated
      inputs.
    - CVE-2016-8860
  * SECURITY UPDATE: DoS (assertion failure and daemon exit) via a BEGIN_DIR
    rendezvous circuit.
    - debian/patches/CVE-2017-0376.patch: Fix assertion failure.
    - CVE-2017-0376
  * SECURITY UPDATE: Replay-cache protection mechanism is ineffective for v2
    onion services.
    - debian/patches/CVE-2017-8819.patch: Fix length of replaycache-checked
      data.
    - CVE-2017-8819
  * SECURITY UPDATE: DoS (application hang) via a crafted PEM input.
    - debian/patches/CVE-2017-8821.patch: Avoid asking for passphrase on
      junky PEM input.
    - CVE-2017-8821
  * SECURITY UPDATE: Relays, that have incompletely downloaded
    descriptors, can pick themselves in a circuit path, leading to a
    degradation of anonymity
    - debian/patches/CVE-2017-8822.patch: Use local descriptor object to
      exclude self in path selection.
    - CVE-2017-8822
Date: 2018-11-26 16:04:17.183114+00:00
Changed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/tor/0.2.4.27-1ubuntu0.1