Re: CVE Request -- Tor 0.2.2.38: Three issues

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/21/2012 04:10 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> Tor upstream has recently released v0.2.2.38 version, correcting
> three security flaws:
>
> 1) tor: Read from freed memory and double free by processing failed
> DNS request Upstream ticket: [1]
> https://trac.torproject.org/projects/tor/ticket/6480
>
> Relevant patch: [2]
> https://gitweb.torproject.org/tor.git/commitdiff/62637fa22405278758febb1743da9af562524d4c
>
>  References: [3]
> https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[4] https://bugzilla.novell.com/show_bug.cgi?id=776642
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=849949

Please use CVE-2012-3517 for this issue.

> 2) tor: Unitialized memory read by reading vote or consensus
> document with unrecognized flavor name Upstream ticket: [6]
> https://trac.torproject.org/projects/tor/ticket/6530
>
> Relevant patches: [7]
> https://gitweb.torproject.org/tor.git/commitdiff/57e35ad3d91724882c345ac709666a551a977f0f
[8]
https://gitweb.torproject.org/tor.git/commitdiff/55f635745afacefffdaafc72cc176ca7ab817546
> References: [9]
> https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[10] https://bugzilla.novell.com/show_bug.cgi?id=776642
> Note: No Red Hat bug (Fedora tor versions already updated && EPEL
> one not affected).

Please use CVE-2012-3518 for this issue.

> 3) tor: Client's relays path information leak Upstream ticket: [11]
> https://trac.torproject.org/projects/tor/ticket/6537
>
> Relevant patches: [12]
> https://gitweb.torproject.org/tor.git/commitdiff/308f6dad20675c42b29862f4269ad1fbfb00dc9a
[13]
https://gitweb.torproject.org/tor.git/commitdiff/d48cebc5e498b0ae673635f40fc57cdddab45d5b
> References: [14]
> https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html
[15] https://bugzilla.novell.com/show_bug.cgi?id=776642
> Note: No Red Hat bug (same as in case 2,).

Please use CVE-2012-3519 for this issue.

> Could you allocate a CVE ids for these?
>
> Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat
> Security Response Team


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQM5Q0AAoJEBYNRVNeJnmTloIQANccXHhHc8/RrckiTuW3DcuL
DwxwVZSDkKuFAP0/o5Msg+IzMjAIWX6ErH8t/kA0XB7blzoheFwA5cqcwJCn55/B
k6ZLdgSF8/gHfBkB4PmuxJ5S+00LB7Inr3FTfEoQ1yMKIy6YBC8tyYQ9ehwWlTmq
pC3yJQNn3JvcN648ghasmLM0Mp2q2wtRjn1wU0eOPLWHwan4gb0BYQfDEnU32eXv
iHInP6Z7v72kcOBTAq7Cq7B/Pa0E4GGlCdWwBKcG4RsP352qvAnd0mQ9zKxnCXkW
z4kiSQQhAVFldsfsWqyj07HW4oH+c+gSFH5rcnO7r+IzH+EmSq+hqnYfrpTPtswV
mjsCIzQtNEGn/lSSB9SWX8X9lu/WWbxyYH2iSSANPFsqlu/BK05MKIQ/u1IDoS3g
lJxpyfEl21mZPS+DwlPL6wPQOlI4sDQZKrBKwRh/3AHoQ/jaSogOH1FYK+jplwbU
xBX7mzSvk9Ql1sOXGXGiK43uVI3mSKfe+8c5w7mcEzMFKTKIPMncNmZyMzdY066O
RgDEcZHVx/nTLCq+h2XiZTwnkvqjAMX2VCOrewxJG/TgWf+/P+8LU0F65YezB/K4
PmYONiqJyGBv17vxY9AMuTTc/rS8GbclajkxBP4hc28P+rkM8FjbysV5DfndH8y4
lLOxgCstJclruuWzhHAH
=j7Ff
-----END PGP SIGNATURE-----