Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Tim Sammut <underling@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 201110-13 ] Tor: Multiple vulnerabilities
Date: Tue, 18 Oct 2011 18:44:07
Message-Id: 4E9DC793.9080107@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201110-13
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Tor: Multiple vulnerabilities
9 Date: October 18, 2011
10 Bugs: #351920, #359789
11 ID: 201110-13
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities were found in Tor, the most severe of which
19 may allow a remote attacker to execute arbitrary code.
20
21 Background
22 ==========
23
24 Tor is an implementation of second generation Onion Routing, a
25 connection-oriented anonymizing communication service.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 net-misc/tor < 0.2.1.30 >= 0.2.1.30
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in Tor. Please review the
39 CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote unauthenticated attacker may be able to execute arbitrary code
45 with the privileges of the Tor process or create a Denial of Service.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All Tor users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=net-misc/tor-0.2.1.30"
59
60 NOTE: This is a legacy GLSA. Updates for all affected architectures are
61 available since April 2, 2011. It is likely that your system is already
62 no longer affected by this issue.
63
64 References
65 ==========
66
67 [ 1 ] CVE-2011-0015
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0015
69 [ 2 ] CVE-2011-0016
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0016
71 [ 3 ] CVE-2011-0427
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0427
73 [ 4 ] CVE-2011-0490
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0490
75 [ 5 ] CVE-2011-0491
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0491
77 [ 6 ] CVE-2011-0492
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0492
79 [ 7 ] CVE-2011-0493
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0493
81 [ 8 ] CVE-2011-1924
82 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1924
83
84 Availability
85 ============
86
87 This GLSA and any updates to it are available for viewing at
88 the Gentoo Security Website:
89
90 http://security.gentoo.org/glsa/glsa-201110-13.xml
91
92 Concerns?
93 =========
94
95 Security is a primary focus of Gentoo Linux and ensuring the
96 confidentiality and security of our users' machines is of utmost
97 importance to us. Any security concerns should be addressed to
98 security@g.o or alternatively, you may file a bug at
99 https://bugs.gentoo.org.
100
101 License
102 =======
103
104 Copyright 2011 Gentoo Foundation, Inc; referenced text
105 belongs to its owner(s).
106
107 The contents of this document are licensed under the
108 Creative Commons - Attribution / Share Alike license.
109
110 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups