-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mipsel
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: mipsel Build Daemon (mipsel-manda-04)
Changed-By: Peter Palfrader
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog. It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which hop
       sent these cells: this would allow a relay on a circuit to end a
       stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha.
       This issue is also tracked as TROVE-2021-003 and CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code. Previously,
       we would detect errors from a missing RNG implementation, but not
       failures from the RNG code itself. Fortunately, it appears those
       failures do not happen in practice when Tor is using OpenSSL's default
       RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also
       tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project
       Zero.
     - Resist a hashtable-based CPU denial-of-service attack against relays.
       Previously we used a naive unkeyed hash function to look up circuits
       in a circuitmux object. An attacker could exploit this to construct
       circuits with chosen circuit IDs, to create collisions and make the
       hash table inefficient. Now we use a SipHash construction here
       instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as
       TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's
       Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing.
       An attacker could exploit this bug by crafting an onion service
       descriptor that would crash any client that tried to visit it.
       Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from
       Google's Project Zero.
Checksums-Sha1:
 e2b87c9748cec5d333fe8619a15835835f949ade 4285200 tor-dbgsym_0.3.5.15-1_mipsel.deb
 6a2e5e077c58eb6fc318aa613a7cff27bce4d0d7 6775 tor_0.3.5.15-1_mipsel-buildd.buildinfo
 5729240df0b5797162753daf5ac535370d6d3323 1760344 tor_0.3.5.15-1_mipsel.deb
Checksums-Sha256:
 2aa01ee4e152c25aee29bfba1b286c5dd161c3df0343f18be2fc517bb66e812c 4285200 tor-dbgsym_0.3.5.15-1_mipsel.deb
 0427ab0d1c994f43e65f1c3f966dc38439eead1d5f09fccedc6490a5ffa2d5f2 6775 tor_0.3.5.15-1_mipsel-buildd.buildinfo
 737031ab4c99fae0111f7ec3d1cf43de5d1b4410766bc8ea2e73084814104735 1760344 tor_0.3.5.15-1_mipsel.deb
Files:
 0d105df63cc90ee1e8b060417ca28c38 4285200 debug optional tor-dbgsym_0.3.5.15-1_mipsel.deb
 56b68b6d6dd3da2437a70719f76dc312 6775 net optional tor_0.3.5.15-1_mipsel-buildd.buildinfo
 ecdd7e8dc3c1f54850d7b2ced6f1a219 1760344 net optional tor_0.3.5.15-1_mipsel.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
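The circuitmux item in the changelog above replaces an unkeyed lookup hash with SipHash (TROVE-2021-005 / CVE-2021-34549). As an added example that is not Tor's code, the following Python implements SipHash-2-4 and compares the longest bucket chain produced by an unkeyed bucket function and a keyed one on a constructed set of circuit IDs; the bucket count (64), the 4-byte little-endian ID encoding and the per-process key handling are assumptions for illustration, not Tor's actual data structures.

```python
import secrets
MASK64 = (1 << 64) - 1

def _rotl(x, b):
    return ((x << b) | (x >> (64 - b))) & MASK64

def siphash24(key: bytes, msg: bytes) -> int:
    """SipHash-2-4 (Aumasson/Bernstein): 128-bit key, 64-bit output."""
    k0 = int.from_bytes(key[:8], "little")
    k1 = int.from_bytes(key[8:16], "little")
    v = [k0 ^ 0x736F6D6570736575, k1 ^ 0x646F72616E646F6D,
         k0 ^ 0x6C7967656E657261, k1 ^ 0x7465646279746573]
    def rnd():  # one SipRound
        v[0] = (v[0] + v[1]) & MASK64; v[1] = _rotl(v[1], 13) ^ v[0]; v[0] = _rotl(v[0], 32)
        v[2] = (v[2] + v[3]) & MASK64; v[3] = _rotl(v[3], 16) ^ v[2]
        v[0] = (v[0] + v[3]) & MASK64; v[3] = _rotl(v[3], 21) ^ v[0]
        v[2] = (v[2] + v[1]) & MASK64; v[1] = _rotl(v[1], 17) ^ v[2]; v[2] = _rotl(v[2], 32)

    n = len(msg)
    # Full 8-byte words, then a final word holding the tail bytes and the length byte.
    blocks = [msg[i:i + 8] for i in range(0, n - n % 8, 8)]
    blocks.append(msg[n - n % 8:] + bytes(7 - n % 8) + bytes([n & 0xFF]))
    for blk in blocks:
        m = int.from_bytes(blk, "little")
        v[3] ^= m; rnd(); rnd(); v[0] ^= m       # c = 2 compression rounds
    v[2] ^= 0xFF
    for _ in range(4):                           # d = 4 finalization rounds
        rnd()
    return v[0] ^ v[1] ^ v[2] ^ v[3]

def max_bucket_load(circ_ids, bucket_of, nbuckets=64) -> int:
    """Longest chain when circ_ids are placed into nbuckets hash buckets."""
    loads = [0] * nbuckets
    for cid in circ_ids:
        loads[bucket_of(cid) % nbuckets] += 1
    return max(loads)

def unkeyed_bucket(cid: int) -> int:
    return cid  # predictable hash: the bucket is a fixed function of the circuit ID

def keyed_bucket(key: bytes):
    # Assumed secret per-process key, so no peer can predict which bucket an ID lands in.
    return lambda cid: siphash24(key, cid.to_bytes(4, "little"))

# Constructed input: 256 circuit IDs that are all multiples of the bucket count.
COLLIDING_IDS = [i * 64 for i in range(1, 257)]

if __name__ == "__main__":
    print("unkeyed longest chain:", max_bucket_load(COLLIDING_IDS, unkeyed_bucket))
    print("SipHash longest chain:", max_bucket_load(COLLIDING_IDS, keyed_bucket(secrets.token_bytes(16))))
```

Under the unkeyed function every constructed ID lands in the same bucket, so each lookup degrades to a linear scan; under the keyed function the same IDs spread across buckets, and the distribution cannot be steered without the key.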