
Closed
Opened Dec 05, 2017 by Alicha CH (@alicha, Reporter)

[3.7] tor: Multiple vulnerabilities (CVE-2017-8819, CVE-2017-8820, CVE-2017-8821, CVE-2017-8822, CVE-2017-8823)

CVE-2017-8819

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective
for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

CVE-2017-8820

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service
(NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010.

CVE-2017-8821

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service
(application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011.

CVE-2017-8822

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors)
can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

CVE-2017-8823

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during
intro-point expiration because the expiring list is mismanaged in certain error cases, aka TROVE-2017-013.

References:

https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516

(from redmine: issue id 8247, created on 2017-12-05, closed on 2017-12-07)

  • Relations:
    • parent #8245 (closed)
  • Changesets:
    • Revision aa584109 by Natanael Copa on 2017-12-07T09:51:22Z:
community/tor: security upgrade to 0.3.1.9

CVE-2017-8819 TROVE-2017-009: Replay-cache ineffective for v2 onion services
CVE-2017-8820 TROVE-2017-010: Remote DoS attack against directory authorities
CVE-2017-8821 TROVE-2017-011: An attacker can make Tor ask for a password
CVE-2017-8822 TROVE-2017-012: Relays can pick themselves in a circuit path
CVE-2017-8823 TROVE-2017-013: Use-after-free in onion service v2

fixes #8247
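
A check for the affected-version ranges given in the CVE descriptions above, as an added example (not part of the original issue, and not Alpine's or Tor's own code). The function names and the sample version strings are constructed for illustration; suffixes such as `-alpha`, `-rc` or an Alpine `-r0` revision are ignored, which is an assumption.

```python
import re

# First fixed release per series, taken from the CVE text in this issue.
FIXED = {
    (0, 2, 5): (0, 2, 5, 16),
    (0, 2, 9): (0, 2, 9, 14),
    (0, 3, 0): (0, 3, 0, 13),
    (0, 3, 1): (0, 3, 1, 9),
}

def parse_version(text):
    """Extract the four numeric components of a Tor version string.

    Accepts a bare version, an Alpine package version ("0.3.1.9-r0") or a
    line such as "Tor version 0.3.1.8."; any suffix is ignored (assumption).
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Tor version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def fixed_release(series):
    """Return the first fixed release for a series, or None if not listed."""
    if series < (0, 2, 5):
        return (0, 2, 5, 16)      # "before 0.2.5.16"
    if (0, 2, 6) <= series <= (0, 2, 8):
        return (0, 2, 8, 17)      # "0.2.6 through 0.2.8 before 0.2.8.17"
    return FIXED.get(series)      # series after 0.3.1 are not covered here

def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for a Tor version string."""
    version = parse_version(text)
    fixed = fixed_release(version[:3])
    if fixed is None:
        return "not-listed"
    return "affected" if version < fixed else "fixed"

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts or real scan output.
    inventory = {
        "relay-a": "Tor version 0.3.1.8.",
        "relay-b": "0.3.1.9-r0",
        "relay-c": "0.2.7.6",
        "relay-d": "0.3.2.6-alpha",
    }
    for host, version in sorted(inventory.items()):
        print(f"{host}: {version} -> {classify(version)}")
```

A `not-listed` result means the series is outside the ranges quoted in this issue, not that it is known to be safe.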
Milestone: 3.7.1 (Past due)
Labels: Normal, tag:security, type:bug
Reference: alpine/aports#8247