-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: mips
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: mips Build Daemon (mips-manda-01)
Changed-By: Peter Palfrader
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues (closes: #990000).
     For a full list see the upstream changelog.  It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which hop
       sent these cells: this would allow a relay on a circuit to end a
       stream that wasn't actually built with it. Bugfix on 0.3.5.1-alpha.
       This issue is also tracked as TROVE-2021-003 and CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code. Previously,
       we would detect errors from a missing RNG implementation, but not
       failures from the RNG code itself. Fortunately, it appears those
       failures do not happen in practice when Tor is using OpenSSL's
       default RNG implementation. Bugfix on 0.2.8.1-alpha. This issue is
       also tracked as TROVE-2021-004. Reported by Jann Horn at Google's
       Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against relays.
       Previously we used a naive unkeyed hash function to look up circuits
       in a circuitmux object. An attacker could exploit this to construct
       circuits with chosen circuit IDs, to create collisions and make the
       hash table inefficient. Now we use a SipHash construction here
       instead. Bugfix on 0.2.4.4-alpha. This issue is also tracked as
       TROVE-2021-005 and CVE-2021-34549. Reported by Jann Horn from
       Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to visit
       it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov from
       Google's Project Zero.
Checksums-Sha1:
 c544c0bc6fb2a627ee99aea381c423d7a5998ddd 4356548 tor-dbgsym_0.3.5.15-1_mips.deb
 5295add72a6be76931f7ef7479ff75d07d2598a8 6757 tor_0.3.5.15-1_mips-buildd.buildinfo
 281fca1000e8e1ceccddc1826c1eb297c1de3952 1737592 tor_0.3.5.15-1_mips.deb
Checksums-Sha256:
 b26e855fad518e49360c652012a8b66a921477daebc8e896d12abe935b276ca7 4356548 tor-dbgsym_0.3.5.15-1_mips.deb
 7e16cafc0e0558ce514199e7dff627d560d33ed8741ce43aa9e61051ab5181dc 6757 tor_0.3.5.15-1_mips-buildd.buildinfo
 6d9699c617f9d52be87f7d9dca5085efc26ba284ed2c4ab8a760608a7c49b63e 1737592 tor_0.3.5.15-1_mips.deb
Files:
 e50230c3bde98d848d701403a1eebe0d 4356548 debug optional tor-dbgsym_0.3.5.15-1_mips.deb
 d19e179655a02a07828691dd7adb3052 6757 net optional tor_0.3.5.15-1_mips-buildd.buildinfo
 860261c616faf762901eb6b028965878 1737592 net optional tor_0.3.5.15-1_mips.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhnMg2w1ioN6Y4CfNHxQ53MmvhPIFAmDMbr4ACgkQHxQ53Mmv
hPKzThAAgg83YjYMWoluuQ+GfMqdiQdFwBGRM5lLsfr/ra+b9gQT6AA+leTtfNbn
VGDFEo9clLX7vogCg1AEKbjs5hoQBvUJ3hEhk+mCdi6r7lZwIpEnEkA2PGKoYm2Z
60gZYLLBmKwimScGWUmYKe4Vv+7xQIRfJdPjZv3NcRPhsEH2CJJyDq3Pfd8eBrsV
fYOKHmflPKX0i5mea+IVF+qLiEpvoRrkc9oXT5DzijbRZVYlQvhnabP1Je6rnyGR
2l0FmwO0H8TYqYjI8KDhDOpJrzUCbcT9kmgYTqxsoykHRaCJ05O/ccYKIzyc0XIV
XqFW6JUdQt8RO5bJslmq8Bfy+DwJUPXnwsOEVm1dI1CHXum1Xb/20gXzsROLztdM
O0t7FN/p8g6xZPaK8o+EgNakOYdKA6alQU9KUFFeCwC7DegaTuy8VWHwokb5Ximu
f/8O36tidAAihx36FxR/urSANOfWQccKFw9g+W7qa4mJrcEqjim0D+2A8u5mTLN4
I2TDY1/xJ/g5H/FPIUqjXuvzMdAu93SrfgwFZvWlIFcZF0msHG0Y7KBF9BulAkU2
sXKYZs01eeu/xAKkp/fIrphzhpZJyy7FTRY2rdk1V5aRuyxIikyIZAOVeQfiwHlJ
EWHFvYthVhZZ9EOvh2hdVYFvcp2ekbnwSCNLo68B3JcRg0GXKUY=
=uCPI
-----END PGP SIGNATURE-----