-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 18 Jun 2021 10:27:26 +0200 Source: tor Binary: tor tor-dbgsym Architecture: armhf Version: 0.3.5.15-1 Distribution: buster-security Urgency: medium Maintainer: armhf / armel Build Daemon (hoiby) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Closes: 990000 Changes: tor (0.3.5.15-1) buster-security; urgency=medium . * New upstream version, fixing several (security) issues (closes: #990000). For a full list see the upstream changelog. It includes: - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548. - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. - Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. - Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. Checksums-Sha1: 46c36df28eb7a494ff24c57bd146b106d100bbb4 4386224 tor-dbgsym_0.3.5.15-1_armhf.deb c66eb4a6f1dd36cd236ff25924cef5c4c12421e8 6817 tor_0.3.5.15-1_armhf-buildd.buildinfo d6a4b856b18026336f4fad2d9cc98acea286f988 1738952 tor_0.3.5.15-1_armhf.deb Checksums-Sha256: fd124b874308368f20c39703cdaf034fa02446873de11e25856e79e318a3a104 4386224 tor-dbgsym_0.3.5.15-1_armhf.deb a8921dda74762ad797f661fcab1d3e00a1dabb6cce28bcfa8318e9b548d241c7 6817 tor_0.3.5.15-1_armhf-buildd.buildinfo 335643b54faf75d26a920025c445ea53d1897c2d52fe7356d8951f12e06e878b 1738952 tor_0.3.5.15-1_armhf.deb Files: 2f722b2fbc1f558cea9c98832f550de7 4386224 debug optional tor-dbgsym_0.3.5.15-1_armhf.deb 5f80af4bd0374f2620227b5b9e46464d 6817 net optional tor_0.3.5.15-1_armhf-buildd.buildinfo bc08f5a9e74bb44098f6ed8045b1d7c4 1738952 net optional tor_0.3.5.15-1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXKbqG0HaSMJSbIp828NZPHfgpE0FAmDMbHwACgkQ28NZPHfg pE0CsQ/8DmAJdbU8ZEJximkpCGDglDbrq17GktED+G08ht9MdyJkrIcLWBzIzHWi mkk7JXjJPA5dNGTNES+1txrAwDE2Tr2dTEU4+OZt1ahIr0YPWZ+2xUSwZlaADI6U Gfhf9clXTr3TANHgoZLgRp8AggWrDc8f5Vpb2t+tRvzsrlF/RI4QLND+PyuqDh5/ m2cVLBljHZlkBnh2BYy3lbgC13Ld8lM+E/0vR1WOUIQTFAvQ8dCtrEbWVLiNbpnz 1PPmVARNjMHvXz224d2TnOfqqN7/nousIYAwPFKfgYzQeDOj5XPCwYma1eALNdId KbrLkR8eV8xqain9oqCPbI7ogxF4FOkMMhbPl+teITm8lMZfTYXFxFqgic5Y91AN ZbOrZDMBb7whVAzdzCp8bv8ELlG8b5eK124L1W0Qjpwy+seZElik4Ny7mobK0Jhs guPsLM3LrhKurxUarbhR1ofhjldf00yjBtIc/RYr1eTvIpZaHCrGHrDm++ExzUQ6 yN0/kVgHwGMuwiU0RBaGhNzvRJqQB4ByJJqlpiMWWzkISFyQHVV6HJDyko1bCDKv pXDTmc9I2gSRbJr5DKTmggPSE61gW3eeTcHQO4kP1yT9JuwDaMsbmrkN76JxTWrp sD9Mqfbpl2eHbKgFDxt55JdMF7mLHcPF71aFtHKzWKtvFBSulOM= =sqn3 -----END PGP SIGNATURE-----