Executive Summary

Summary
Title: tor security update
Information
Name: DSA-3216
Vendor: Debian
First vendor Publication: 2015-04-06
Last vendor Modification: 2015-04-06
Severity (Vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score: Not Defined
Cvss Impact Score: Not Defined
Cvss Exploit Score: Not Defined
Attack Range: Not Defined
Attack Complexity: Not Defined
Authentication: Not Defined

Detail

Several vulnerabilities have been discovered in Tor, a connection-based low-latency anonymous communication system:

CVE-2015-2928

"disgleirio" discovered that a malicious client could trigger an assertion failure in a Tor instance providing a hidden service, thus rendering the service inaccessible.

CVE-2015-2929

"DonnchaC" discovered that Tor clients would crash with an assertion failure upon parsing specially crafted hidden service descriptors.

Introduction points would accept multiple INTRODUCE1 cells on one circuit, making it inexpensive for an attacker to overload a hidden service with introductions. Introduction points now no longer allow multiple cells of that type on the same circuit.

For the stable distribution (wheezy), these problems have been fixed in version 0.2.4.27-1.

For the unstable distribution (sid), these problems have been fixed in version 0.2.5.12-1.

For the experimental distribution, these problems have been fixed in version 0.2.6.7-1.

We recommend that you upgrade your tor packages.

Original Source

Url : http://www.debian.org/security/2015/dsa-3216

Alert History

Date Information
2015-04-09 13:29:15
  • Multiple Updates
2015-04-07 00:24:39
  • First insertion