-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 18 Jun 2021 10:27:26 +0200 Source: tor Binary: tor tor-dbgsym Architecture: ppc64el Version: 0.3.5.15-1 Distribution: buster-security Urgency: medium Maintainer: ppc64el Build Daemon (ppc64el-unicamp-01) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Closes: 990000 Changes: tor (0.3.5.15-1) buster-security; urgency=medium . * New upstream version, fixing several (security) issues (closes: #990000). For a full list see the upstream changelog. It includes: - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548. - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. - Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. - Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. Checksums-Sha1: 9320b8f60a50ce3679170cf3741d3580b5c60243 4664140 tor-dbgsym_0.3.5.15-1_ppc64el.deb 3562b92ac2330cda7ca0909786eec20d77a34116 6930 tor_0.3.5.15-1_ppc64el-buildd.buildinfo aff2978c47df437f2ad1c5d61d1310c3d1b77633 1877872 tor_0.3.5.15-1_ppc64el.deb Checksums-Sha256: 4bc0113bf638ba43cad4b261eaf48845e3277cc1c16c86335e9f8eab5e92cab8 4664140 tor-dbgsym_0.3.5.15-1_ppc64el.deb 297d06a38a964bb7ee3c411347bbe93f9cc44284938c07fbbfb7a257a770586e 6930 tor_0.3.5.15-1_ppc64el-buildd.buildinfo cc70334e23cbd838f3847ddd286d2d072df45008552987615cd7a16f4d09b55a 1877872 tor_0.3.5.15-1_ppc64el.deb Files: f773696003670e2022a1123519418f03 4664140 debug optional tor-dbgsym_0.3.5.15-1_ppc64el.deb 93b1a45cd3da033201a6424d3f802f0f 6930 net optional tor_0.3.5.15-1_ppc64el-buildd.buildinfo aef96900ff6bb77a4a518711b01a8441 1877872 net optional tor_0.3.5.15-1_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKzbeWucQH7PwwtgznSwNtUaaPI8FAmDMZeoACgkQnSwNtUaa PI8VkxAA3CfDte2wRj4gB8OSvav9SqhYRzNrg3npLOc4cotaqkmbq+4/7a57bv4f 2W9VrICLfxJiUJ1pqawuRqLOY0tzapAm4646By0wDY/kceIMuKfFdFjhJMoo0bSM pjTxYf7swqzOS6+YITcWuV6VXKp+wfloa2FIUsN8cTBazxErn/3Xh9axUkTexCJ2 eTgt/gjYPUVWEaZksiYnue1w9RC0bjeSZArDY+hR/fDkpNZdw8pLP3LgklGhvSPU ENmd5i18Tr4BV12M+01HmajcRm7QcjvIwvQfK4Af3E+I3rYjJwphMadNVvgkdbYY pAHNPZ0ptTB4RCq8aBzSxSXaAVaRwmR6OXLS64Ua1ypbGORRRR9Z3QdOq5DoBWLZ eRDfnVOd7ig93h1kM4Mg1sSUkVRtivNjbaOjUDB+kqjGoIni0zl1fCyXhwAU3WRG gATXDmM40Zdc4WnFXKsHF+4p0K5fHtOn4dRMYs7ZSlzokehvx+HOoP1JA6w6uojL ZU2Q7Rqe5az393LLOMDdbw5iZJwXJVweOxMk/EFSetO/2R3V6BXng9kUKcBZY/n1 3xj1vCCjFQ413oFFExJJuvXNT8VLsT+c/dTMXGDRuuQocotf1Vj9Jp1m1wdKvplK koo7LE3ggVgurULdgFyy3qRnUxXFY/e2j6LVcNVq1U1AhDZlJvM= =Gtdc -----END PGP SIGNATURE-----