Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: i386
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Peter Palfrader
Description:
 tor - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog.  It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which
       hop sent these cells: this would allow a relay on a circuit to end
       a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha.
       This issue is also tracked as TROVE-2021-003 and CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code.
       Previously, we would detect errors from a missing RNG
       implementation, but not failures from the RNG code itself.
       Fortunately, it appears those failures do not happen in practice
       when Tor is using OpenSSL's default RNG implementation. Bugfix on
       0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004.
       Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against
       relays. Previously we used a naive unkeyed hash function to look
       up circuits in a circuitmux object. An attacker could exploit this
       to construct circuits with chosen circuit IDs, to create
       collisions and make the hash table inefficient. Now we use a
       SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This
       issue is also tracked as TROVE-2021-005 and CVE-2021-34549.
       Reported by Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to visit
       it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov
       from Google's Project Zero.
Checksums-Sha1:
 5fa4843308457f54de2a3adede69361d6b725299 4076788 tor-dbgsym_0.3.5.15-1_i386.deb
 60d44bf1fd6b71192c7ba0958a79a40f77326a0c 6904 tor_0.3.5.15-1_i386-buildd.buildinfo
 a735e513423c329fc47861d46aa50668d6005112 1877388 tor_0.3.5.15-1_i386.deb
Checksums-Sha256:
 203d8c0b9dd2c5269dd6d920bbfabd0dcbbdd3bf72050b0b3961e1d88674c01b 4076788 tor-dbgsym_0.3.5.15-1_i386.deb
 6c5def5848624e708386e3dd31edcee3c475ecd9e4a4176f5eeb44b5a83757c0 6904 tor_0.3.5.15-1_i386-buildd.buildinfo
 7cad516ce5f0b03077eb16988c801571a3c8875da4c125c07c9a0e9c8dd21ce9 1877388 tor_0.3.5.15-1_i386.deb
Files:
 c7c73613fc4d9348c09c70388cb52668 4076788 debug optional tor-dbgsym_0.3.5.15-1_i386.deb
 2917d02c3d31c58608012e9cbd68d6be 6904 net optional tor_0.3.5.15-1_i386-buildd.buildinfo
 52a0bdc1968e018f472fa8a3d52821a4 1877388 net optional tor_0.3.5.15-1_i386.deb