-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 18 Jun 2021 10:27:26 +0200 Source: tor Binary: tor tor-dbgsym Architecture: armel Version: 0.3.5.15-1 Distribution: buster-security Urgency: medium Maintainer: armhf Build Daemon (antheil) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Closes: 990000 Changes: tor (0.3.5.15-1) buster-security; urgency=medium . * New upstream version, fixing several (security) issues (closes: #990000). For a full list see the upstream changelog. It includes: - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548. - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. - Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. - Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. Checksums-Sha1: 7a021d83556b796b6131e7a8813156f00472dddb 4331556 tor-dbgsym_0.3.5.15-1_armel.deb a1f4ae3a05ab2ef534b7d531ba7dc6a4d390109c 6815 tor_0.3.5.15-1_armel-buildd.buildinfo 2c762e3dba61c4df98e47a468b584231ed478575 1706300 tor_0.3.5.15-1_armel.deb Checksums-Sha256: 7f4615541d05967aadaf79a7fbde2a9fd32101341681847c07387615e5d8df83 4331556 tor-dbgsym_0.3.5.15-1_armel.deb 2d83c4ec2c7eaa14889286f5fd6202851bd1d6c31f8599c974b763fea0e12f3d 6815 tor_0.3.5.15-1_armel-buildd.buildinfo 53f7362c55fdac944195b412eb4880a59e4fb82700580d894fd99368e71c5ae8 1706300 tor_0.3.5.15-1_armel.deb Files: 9634b1aa299e0242b393c9f2ae0d2180 4331556 debug optional tor-dbgsym_0.3.5.15-1_armel.deb b277b79105a90a2a80370fa8dff79c8d 6815 net optional tor_0.3.5.15-1_armel-buildd.buildinfo 2b87547543b115694df84d4b6271a6d3 1706300 net optional tor_0.3.5.15-1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+1GJPNvS1hXASfHY/2Ioj1sRd84FAmDMbQwACgkQ/2Ioj1sR d845jBAAoIAAjLyokBv89SywVDYHaRbA4N22fkA2WScYsRE/R1iGzUvMWUJsvBIR A0Gkzr9YSd9/iuk/Xuye5u5Tc1q3KcJyUh74NYGZUCGTNfobEV25Za9qQmTCJVtc kCyONwes4xG82JVvHQbtYxzLws/jCPfJSvPJpy8s+NslujTrdtf/jHxX9E7wn91m QdwE3yiWkMgfOhhgPen0gsAWMDFvxyTf+UUN9RlLyLFeDAfnP+AZtjeLdjJZ34Ki 0aUts1FbTj/nYxdptfxHalABgjtZ4cticlij7gVqs1PUqlw1/aH479UBAOhsaaiq WsBCFPq2+MLIwnmKsiX5NWr0IB9lqYL//dax7Zk24I8Z/Z9wZrjoD4GLajqTSGim D3UIx5ws2BdnzldYXlB+Ih55j9UVjj9sWux4n+mCxQbK8YQU5YuywR6k42B+JJ1g 6NE5fOuUhXSXYC90B4LTpq/irV6MDqFgSLLwjvGYGNI2JOnTA+OeupNW7cO1IwJH BnGpKdR6C5abTpfi1ez3ktw7lpY/qrqT+UOpGR7BB/h7Y2dqBWs0zb9um3hUPsqW NC6jYvob9/RUy8/JnlbR74IkxDnHlF5fncKibDSCkal+VaVhgS5kwbLjPXeNyush FYCFXwdh/qJYsvecZ0N3U0kaDXjNNs+L5kR5thn5yJBWu+JviTQ= =oFd5 -----END PGP SIGNATURE-----