-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: arm64
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: arm Build Daemon (arm-ubc-02)
Changed-By: Peter Palfrader
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog. It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which
       hop sent these cells: this would allow a relay on a circuit to end
       a stream that wasn't actually built with it. Bugfix on
       0.3.5.1-alpha. This issue is also tracked as TROVE-2021-003 and
       CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code.
       Previously, we would detect errors from a missing RNG
       implementation, but not failures from the RNG code itself.
       Fortunately, it appears those failures do not happen in practice
       when Tor is using OpenSSL's default RNG implementation. Bugfix on
       0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004.
       Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against
       relays. Previously we used a naive unkeyed hash function to look
       up circuits in a circuitmux object. An attacker could exploit this
       to construct circuits with chosen circuit IDs, to create
       collisions and make the hash table inefficient. Now we use a
       SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This
       issue is also tracked as TROVE-2021-005 and CVE-2021-34549.
       Reported by Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to
       visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov
       from Google's Project Zero.
Checksums-Sha1:
 0e4fa4dc09c2286d4e94def12c8c980bb72ddc9b 4482792 tor-dbgsym_0.3.5.15-1_arm64.deb
 1c5b72c82047dca2cf995cf908f2633254741ee0 6883 tor_0.3.5.15-1_arm64-buildd.buildinfo
 6b14bbe230db14dc586e87f2b43b762db90df719 1732576 tor_0.3.5.15-1_arm64.deb
Checksums-Sha256:
 14a1b3594b3d176b47261ea378033582474018d631681efa31201d069fdd336f 4482792 tor-dbgsym_0.3.5.15-1_arm64.deb
 74d7f6c264e2ae7e8e246852977e925795ac3745dbd4e19f81968950034b3f42 6883 tor_0.3.5.15-1_arm64-buildd.buildinfo
 3c4d9e4f26574882cab060dc9f5f84ce9758cc0aede2b25df2398876dfc60a1d 1732576 tor_0.3.5.15-1_arm64.deb
Files:
 d0786ca119da7d0b936eaf0f0f4ee72f 4482792 debug optional tor-dbgsym_0.3.5.15-1_arm64.deb
 efab4c451beb01ceb148677c00c9609a 6883 net optional tor_0.3.5.15-1_arm64-buildd.buildinfo
 a0dbe5c8b8282e2cbf1063385d616a36 1732576 net optional tor_0.3.5.15-1_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEacaZJEoOkCBqMc0ik7/kqR9yTgQFAmDMZ3sACgkQk7/kqR9y
TgQOaw/+NI2103kqiFWBdxXalVQBK/KZOhcbMO8FuYg+r5OWw+VxMoVDCFAuIrwl
ZfP2NlhPg5FLmRvin6ji5TSNTOWX//jmRvnhKuW78t760uwOCGoCmS4kU+P+MDpq
OQMEUaMa7dQsxp05C5XdAp2+4ympdX3CklT2liCYw45iK4oAleOU8IAc/++tUK5k
MDkeKxK9LRg0klmt94a/2tLyGoo02RUVCM38PnK3kXtzmiM1jV/+wVnoP3uaqPfm
O6+cPXQeXsKklePsAHoy6sIP4A9EjEF8CEDbAaRh5BxPcODMRE36gJLhYkhStD9L
PGMpfCoNFKg2Np4dlzxEfTowtKnT0RZBxod6aMdUL+bHZRRMK5YQmKk+Epz4F1Aq
77imOB6cSH9I6LfD0KEM5vM11ycnweILdQs8wONlWa23V07Dp5WN+kqKEs15Lvih
UoUnMZzQnJ4gS5S/td7n/YyH3VL7A7x89SHRb2VHczl4SR2ihzc3AmXA5F1RuSo1
D3L10i14QFlvxRdEXhxGzpl+Ovy2BZ3eGTXB64oFlPffNJlrLRFS9BhYBAxaL2dE
/PD5PyBKuZG1HwVRJbcMWNZE9+nBoCBHEAkwr0l5NUVqNBL8/ThbZtEoD3kxo0DO
dsTn+GHZjHAYrj+letRQpwvMuF/SdoECHp4UBaH64PDIWR2mpf4=
=mKwO
-----END PGP SIGNATURE-----