Updated tor packages fix security vulnerability
Publication date: 07 Dec 2017Modification date: 07 Dec 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-8819 , CVE-2017-8820 , CVE-2017-8821 , CVE-2017-8822 , CVE-2017-8823
Description
When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, Tor didn't correctly detect replays in the RSA- encrypted part of the cell. It was previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor's legacy hybrid encryption. This can lead to a traffic confirmation attack (CVE-2017-8819). Denial of service issue where an attacker could crash a directory authority using a malformed router descriptor (CVE-2017-8820). Denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal (CVE-2017-8821). When running as a relay, Tor could build a path through itself, especially when it lost the version of its descriptor appearing in the consensus. When running as a relay, it could also choose itself as a guard (CVE-2017-8822). Use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points (CVE-2017-8823).
References
- https://bugs.mageia.org/show_bug.cgi?id=22108
- https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8820
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8821
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8823
SRPMS
5/core
- tor-0.2.8.17-1.mga5
6/core
- tor-0.2.9.14-1.mga6