
Arch Linux: ASA-201707-8 Medium: Tor Session Hijack Risk

The package tor before version 0.3.0.9-1 is vulnerable to session hijacking.
Arch Linux Security Advisory ASA-201707-8
========================================
Severity: Medium
Date    : 2017-07-11
CVE-ID  : CVE-2017-0377
Package : tor
Type    : session hijacking
Remote  : Yes
Link    : https://security.archlinux.org/AVG-336

Summary
======
The package tor before version 0.3.0.9-1 is vulnerable to session
hijacking.

Resolution
=========
Upgrade to 0.3.0.9-1.

# pacman -Syu "tor>=0.3.0.9-1"

The problem has been fixed upstream in version 0.3.0.9.

Workaround
=========
None.

Description
==========
A security issue has been found in Tor <= 0.3.0.8, which could make it
easier to eavesdrop on Tor users' traffic. When choosing which guard to
use for a circuit, Tor avoids using a node that is in the same family
as the exit node it selected, but this check was accidentally removed
in 0.3.0.
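
To make the missing check concrete, the following is an added toy model of the guard-versus-exit family rule described above. It is not Tor's code and not part of the advisory: the relay names, fingerprints, the one-sided family relation and the helper names (`choose_guard`, `audit_circuit`) are constructed for illustration, and real Tor applies further path-selection rules (such as treating relays in the same /16 as related) that this model leaves out. The `enforce_family_check=False` path mimics the 0.3.0 regression so the two behaviours can be compared side by side.

```python
"""Toy model of Tor's guard-versus-exit family check (added illustration).

This is NOT Tor's code. Relay names, fingerprints and the family relation used
here are constructed for the example; real Tor applies additional rules (for
instance treating relays in the same /16 as related) that are omitted here.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Relay:
    nickname: str
    fingerprint: str
    # Fingerprints this relay's operator declares as its family (MyFamily).
    family: FrozenSet[str] = frozenset()


def same_family(a: Relay, b: Relay) -> bool:
    """Assumption for this model: a one-sided declaration is enough to treat
    two relays as related. Real Tor requires the declaration to be mutual, so
    this is the more conservative choice for a client."""
    return b.fingerprint in a.family or a.fingerprint in b.family


def choose_guard(exit_relay: Relay, guards: List[Relay],
                 enforce_family_check: bool = True) -> Optional[Relay]:
    """Pick the first acceptable guard for a circuit that ends at exit_relay.

    enforce_family_check=True models the intended behaviour; False models the
    0.3.0 regression the advisory describes, where the check was missing.
    """
    for guard in guards:
        if guard.fingerprint == exit_relay.fingerprint:
            continue  # a relay can never be both guard and exit
        if enforce_family_check and same_family(guard, exit_relay):
            continue  # one operator would see both ends of the circuit
        return guard
    return None


def audit_circuit(guard: Relay, middle: Relay, exit_relay: Relay) -> List[str]:
    """Return the path-selection rules a built circuit violates (empty = ok)."""
    problems = []
    fps = {guard.fingerprint, middle.fingerprint, exit_relay.fingerprint}
    if len(fps) < 3:
        problems.append("relay reused within the circuit")
    if same_family(guard, exit_relay):
        problems.append("guard and exit share a family")
    if same_family(guard, middle) or same_family(middle, exit_relay):
        problems.append("adjacent hops share a family")
    return problems


# Constructed sample relays: one operator runs both guard1 and exitA and
# declares them as a family; guard2 and mid1 belong to unrelated operators.
EXIT_A = Relay("exitA", "FP_EXIT_A", frozenset({"FP_GUARD_1"}))
GUARD_1 = Relay("guard1", "FP_GUARD_1", frozenset({"FP_EXIT_A"}))
GUARD_2 = Relay("guard2", "FP_GUARD_2")
MID_1 = Relay("mid1", "FP_MID_1")
GUARD_CANDIDATES = [GUARD_1, GUARD_2]


def demo() -> dict:
    """Compare fixed and regressed selection for the same candidate list."""
    fixed = choose_guard(EXIT_A, GUARD_CANDIDATES, enforce_family_check=True)
    regressed = choose_guard(EXIT_A, GUARD_CANDIDATES, enforce_family_check=False)
    return {
        "fixed_guard": fixed.nickname,
        "regressed_guard": regressed.nickname,
        "fixed_problems": audit_circuit(fixed, MID_1, EXIT_A),
        "regressed_problems": audit_circuit(regressed, MID_1, EXIT_A),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the check enforced the client skips `guard1` and picks `guard2`; with it disabled, the first candidate is accepted and `audit_circuit` flags that the guard and exit share a family, which is exactly the position the Impact section warns about.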

Impact
=====
An attacker might be able to eavesdrop on Tor users' traffic by getting
in a position to analyze both the incoming and outgoing traffic of a
circuit.

References
=========
https://blog.torproject.org/tor-0309-released-security-update-clients/
https://gitlab.torproject.org/legacy/trac/-/issues/22753
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://security.archlinux.org/CVE-2017-0377
