-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mips64el
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-manda-04)
Changed-By: Peter Palfrader
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog. It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which
       hop sent these cells: this would allow a relay on a circuit to end
       a stream that wasn't actually built with it. Bugfix on
       0.3.5.1-alpha. This issue is also tracked as TROVE-2021-003 and
       CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code.
       Previously, we would detect errors from a missing RNG
       implementation, but not failures from the RNG code itself.
       Fortunately, it appears those failures do not happen in practice
       when Tor is using OpenSSL's default RNG implementation. Bugfix on
       0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004.
       Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against
       relays. Previously we used a naive unkeyed hash function to look up
       circuits in a circuitmux object. An attacker could exploit this to
       construct circuits with chosen circuit IDs, to create collisions
       and make the hash table inefficient. Now we use a SipHash
       construction here instead. Bugfix on 0.2.4.4-alpha. This issue is
       also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by
       Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to visit
       it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from
       Google's Project Zero.
Checksums-Sha1:
 924aef9617e1e04d19efef8d628efa49a26f836e 4661144 tor-dbgsym_0.3.5.15-1_mips64el.deb
 05dfde1c73b4c9b16e2e8ac7456b8302fe3d5d94 6798 tor_0.3.5.15-1_mips64el-buildd.buildinfo
 80c96f9144b38016b434bde59dce2e236ffda429 1754540 tor_0.3.5.15-1_mips64el.deb
Checksums-Sha256:
 d567e05f8887ca9fa8b166eea5891e215e52612e25bc0742214506c5b300fe9f 4661144 tor-dbgsym_0.3.5.15-1_mips64el.deb
 00d299c83ca9622dfc1cf61b15b2311e9c78d4e10e35cea49905e43c93958f14 6798 tor_0.3.5.15-1_mips64el-buildd.buildinfo
 a201ed1d6b5cf15715b73c375b97458da774ded1fe55af5e5335e037b029e243 1754540 tor_0.3.5.15-1_mips64el.deb
Files:
 e91e9d27243d0c0b50234ba6e6bb4f68 4661144 debug optional tor-dbgsym_0.3.5.15-1_mips64el.deb
 94ada6c7a5714693956436162acdd964 6798 net optional tor_0.3.5.15-1_mips64el-buildd.buildinfo
 ce693bdeaf6cfb65136c80e4018476e8 1754540 net optional tor_0.3.5.15-1_mips64el.deb