Publishing details

• Published on 2018-11-26
• Copied from ubuntu trusty in PPA for Ubuntu Security Proposed by Eduardo Barretto

Changelog

tor (0.2.4.27-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS (client crash) via a crafted hidden service
    descriptor.
    - debian/patches/CVE-2016-1254.patch: Fix parsing bug with unrecognized
      token at EOS.
    - CVE-2016-1254
  * SECURITY UPDATE: DoS (crash) via crafted data.
    - debian/patches/CVE-2016-8860.patch: Protect against NUL-terminated
      inputs.
    - CVE-2016-8860
  * SECURITY UPDATE: DoS (assertion failure and daemon exit) via a BEGIN_DIR
    rendezvous circuit.
    - debian/patches/CVE-2017-0376.patch: Fix assertion failure.
    - CVE-2017-0376
  * SECURITY UPDATE: Replay-cache protection mechanism is ineffective for v2
    onion services.
    - debian/patches/CVE-2017-8819.patch: Fix length of replaycache-checked
      data.
    - CVE-2017-8819
  * SECURITY UPDATE: DoS (application hang) via a crafted PEM input.
    - debian/patches/CVE-2017-8821.patch: Avoid asking for passphrase on
      junky PEM input.
    - CVE-2017-8821
  * SECURITY UPDATE: Relays, that have incompletely downloaded
    descriptors, can pick themselves in a circuit path, leading to a
    degradation of anonymity
    - debian/patches/CVE-2017-8822.patch: Use local descriptor object to
      exclude self in path selection.
    - CVE-2017-8822

 -- Eduardo Barretto <email address hidden>  Fri, 23 Nov 2018 14:25:06 -0200

Builds

• amd64
• arm64
• armhf
• i386
• powerpc
• ppc64el

Built packages

• tor anonymizing overlay network for TCP

• tor-dbg debugging symbols for Tor

• tor-dbgsym debug symbols for package tor

• tor-geoipdb GeoIP database for Tor

Package files

• tor-dbg_0.2.4.27-1ubuntu0.1_amd64.deb (1.4 MiB)
• tor-dbg_0.2.4.27-1ubuntu0.1_arm64.deb (1.4 MiB)
• tor-dbg_0.2.4.27-1ubuntu0.1_armhf.deb (1.4 MiB)
• tor-dbg_0.2.4.27-1ubuntu0.1_i386.deb (1.3 MiB)
• tor-dbg_0.2.4.27-1ubuntu0.1_powerpc.deb (1.3 MiB)
• tor-dbg_0.2.4.27-1ubuntu0.1_ppc64el.deb (1.4 MiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_amd64.ddeb (1.5 KiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_arm64.ddeb (1.5 KiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_armhf.ddeb (1.5 KiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_i386.ddeb (1.5 KiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_powerpc.ddeb (1.5 KiB)
• tor-dbgsym_0.2.4.27-1ubuntu0.1_ppc64el.ddeb (1.5 KiB)
• tor-geoipdb_0.2.4.27-1ubuntu0.1_all.deb (507.0 KiB)
• tor_0.2.4.27-1ubuntu0.1.diff.gz (39.3 KiB)
• tor_0.2.4.27-1ubuntu0.1.dsc (2.1 KiB)
• tor_0.2.4.27-1ubuntu0.1_amd64.deb (768.8 KiB)
• tor_0.2.4.27-1ubuntu0.1_arm64.deb (646.1 KiB)
• tor_0.2.4.27-1ubuntu0.1_armhf.deb (707.6 KiB)
• tor_0.2.4.27-1ubuntu0.1_i386.deb (725.8 KiB)
• tor_0.2.4.27-1ubuntu0.1_powerpc.deb (640.9 KiB)
• tor_0.2.4.27-1ubuntu0.1_ppc64el.deb (677.7 KiB)
• tor_0.2.4.27.orig.tar.gz (3.0 MiB)