Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Debian DSA-3694-1 Critical: Tor Remote Crash Buffer Handling Issue

debian
Calendar Grey October 18, 2016
Scroller Debian
Enhance the tor software in order to fix memory management problems as indicated in the Debian DSA-3795-2 notification, which warns of potential remote exploitation risks.
It has been discovered that Tor treats the contents of some buffer chunks as if they were a NUL-terminated string

Summary

It has been discovered that Tor treats the contents of some buffer
chunks as if they were a NUL-terminated string. This issue could
enable a remote attacker to crash a Tor client, hidden service, relay,
or authority.

For the stable distribution (jessie), this problem has been fixed in
version 0.2.5.12-3.

For the unstable distribution (sid), this problem has been fixed in
version 0.2.8.9-1.

For the experimental distribution, this problem has been fixed in
version 0.2.9.4-alpha-1.

We recommend that you upgrade your tor packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: tor
CVE ID: not yet available

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.