SB2017120304 - Multiple vulnerabilities in tor.eff Tor

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2017-8819)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue.

2) Input validation error (CVE-ID: CVE-2017-8822)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012.

Remediation

Install update from vendor's website.

References

• https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
• https://bugs.torproject.org/24244
• https://www.debian.org/security/2017/dsa-4054
• https://bugs.torproject.org/21534
• https://bugs.torproject.org/24333