-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 18 Jun 2021 10:27:26 +0200 Source: tor Binary: tor tor-dbgsym Architecture: amd64 Version: 0.3.5.15-1 Distribution: buster-security Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Peter Palfrader Description: tor - anonymizing overlay network for TCP Closes: 990000 Changes: tor (0.3.5.15-1) buster-security; urgency=medium . * New upstream version, fixing several (security) issues (closes: #990000). For a full list see the upstream changelog. It includes: - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on half-closed streams. Previously, clients failed to validate which hop sent these cells: this would allow a relay on a circuit to end a stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- 003 and CVE-2021-34548. - Detect more failure conditions from the OpenSSL RNG code. Previously, we would detect errors from a missing RNG implementation, but not failures from the RNG code itself. Fortunately, it appears those failures do not happen in practice when Tor is using OpenSSL's default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. - Resist a hashtable-based CPU denial-of-service attack against relays. Previously we used a naive unkeyed hash function to look up circuits in a circuitmux object. An attacker could exploit this to construct circuits with chosen circuit IDs, to create collisions and make the hash table inefficient. Now we use a SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. - Fix an out-of-bounds memory access in v3 onion service descriptor parsing. An attacker could exploit this bug by crafting an onion service descriptor that would crash any client that tried to visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from Google's Project Zero. Checksums-Sha1: 6d52b6177a43b10c9d182895a42e41f465fed2ac 4878476 tor-dbgsym_0.3.5.15-1_amd64.deb e2ec9e3bebd098740824acc31b6ff5a903c0287b 6960 tor_0.3.5.15-1_amd64-buildd.buildinfo 1c947820700bb9deebc4b39124d033a1c46b38e7 1807808 tor_0.3.5.15-1_amd64.deb Checksums-Sha256: aff3ba681006a5b7115be88072ad6d9ee1d7975058a790b989ea687de9100b6b 4878476 tor-dbgsym_0.3.5.15-1_amd64.deb 83261b19049bffba0eb751ddcd3be622bc5c2577142eff9203cf1c26f5e70402 6960 tor_0.3.5.15-1_amd64-buildd.buildinfo fc571db33cd91ffabab3710012287b4cd89321abb431ea3497d1f99fc5d8bba8 1807808 tor_0.3.5.15-1_amd64.deb Files: e8664a7f016a5f53582e1cf55bbdb0e3 4878476 debug optional tor-dbgsym_0.3.5.15-1_amd64.deb 1806cd196daaf907a379c46b34b1a73b 6960 net optional tor_0.3.5.15-1_amd64-buildd.buildinfo 26a9ab73362ee2ea587175506434f907 1807808 net optional tor_0.3.5.15-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEo33KWLLUve5CxgHZGOxRpKJm/V0FAmDMZc8ACgkQGOxRpKJm /V1U2w/7BqKbPkMpvj+gmZ+UTmn8yzwBJmXngWPtwBZ4AnxyvxTkiIcUsjgsUpMY 8wbyUyy5ei538qymd0ZvC74Nqv0qZ8/PJT/Urlv77+sbZzveJ+dY/5eHMRIq2TV8 IOvA9kqmTYvpOZHwjHEhoUNPXDnDkp3WhffDRljHHGE45mVWwvtapxMbLbhGZ+2i 8xQ62NM2uKHieEN8iepnv5ZaimQ64GoqBt1SpJOkCRi3RzczGWknjHbaGzOES3hw LGZKVQ6y2Gdh++vMj/jqprAvt2T3aoEgm8rGDQrZaZP9KnN1yKrm47jhzNk8EmTx Mzrzzk5RgOyKp933lFKcdD/Wbx+lmYQ6m3kw46oozXFZZVY5WOdq76hcQaFY5brU 2l3zOb8pXjUYUNScm8nr2qY9eEYsLuguicFTUpfYkIwSWA4ovZbhWgzBRKA1GZHf NcJRDpDuNwQ1/NL8LWxMHgbMnfw1KXnS5IFl1CRwEPM4XjLMsJLAM1NhJFfFgTWm R+nwfux1aGB8l1CjdRrDgCMMCGHIb+jbVVpt9UoSerPLiLIbWwnBZCNH+0YsiOfi 6DS7dPtfhPqvFOJrBcO/npdixc4ERZw0Yv11rI5S9ufsGk3RWBz3dsJaIkQlJSbK jqnn1L3+9mmYXn9MEJ+4M2gP9rIpVR9xBICAQ6o5UXuFoqZSOaU= =cZe3 -----END PGP SIGNATURE-----