Publishing details
Changelog
tor (0.2.4.27-1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: DoS (client crash) via a crafted hidden service
descriptor.
- debian/patches/CVE-2016-1254.patch: Fix parsing bug with unrecognized
token at EOS.
- CVE-2016-1254
* SECURITY UPDATE: DoS (crash) via crafted data.
- debian/patches/CVE-2016-8860.patch: Protect against NUL-terminated
inputs.
- CVE-2016-8860
* SECURITY UPDATE: DoS (assertion failure and daemon exit) via a BEGIN_DIR
rendezvous circuit.
- debian/patches/CVE-2017-0376.patch: Fix assertion failure.
- CVE-2017-0376
* SECURITY UPDATE: Replay-cache protection mechanism is ineffective for v2
onion services.
- debian/patches/CVE-2017-8819.patch: Fix length of replaycache-checked
data.
- CVE-2017-8819
* SECURITY UPDATE: DoS (application hang) via a crafted PEM input.
- debian/patches/CVE-2017-8821.patch: Avoid asking for passphrase on
junky PEM input.
- CVE-2017-8821
* SECURITY UPDATE: Relays, that have incompletely downloaded
descriptors, can pick themselves in a circuit path, leading to a
degradation of anonymity
- debian/patches/CVE-2017-8822.patch: Use local descriptor object to
exclude self in path selection.
- CVE-2017-8822
-- Eduardo Barretto <email address hidden> Fri, 23 Nov 2018 14:25:06 -0200
Builds
Built packages
-
tor
anonymizing overlay network for TCP
-
tor-dbg
debugging symbols for Tor
-
tor-dbgsym
debug symbols for package tor
-
tor-geoipdb
GeoIP database for Tor
Package files