Main Vulnerability Database SB20170613104

SB20170613104 - Arch Linux update for tor

Published: June 13, 2017 Updated: June 14, 2017

Security Bulletin ID SB20170613104

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Reachable Assertion (CVE-ID: CVE-2017-0375)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell.

2) Reachable Assertion (CVE-ID: CVE-2017-0376)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit.

Remediation

Install update from vendor's website.

References

https://security.archlinux.org/advisory/ASA-201706-13