Format: 1.8
Date: Fri, 18 Jun 2021 10:27:26 +0200
Source: tor
Binary: tor tor-dbgsym
Architecture: s390x
Version: 0.3.5.15-1
Distribution: buster-security
Urgency: medium
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Peter Palfrader
Description:
 tor        - anonymizing overlay network for TCP
Closes: 990000
Changes:
 tor (0.3.5.15-1) buster-security; urgency=medium
 .
   * New upstream version, fixing several (security) issues
     (closes: #990000). For a full list see the upstream changelog.
     It includes:
     - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on
       half-closed streams. Previously, clients failed to validate which
       hop sent these cells: this would allow a relay on a circuit to end
       a stream that wasn't actually built with it. Bugfix on
       0.3.5.1-alpha. This issue is also tracked as TROVE-2021-003 and
       CVE-2021-34548.
     - Detect more failure conditions from the OpenSSL RNG code.
       Previously, we would detect errors from a missing RNG
       implementation, but not failures from the RNG code itself.
       Fortunately, it appears those failures do not happen in practice
       when Tor is using OpenSSL's default RNG implementation. Bugfix on
       0.2.8.1-alpha. This issue is also tracked as TROVE-2021-004.
       Reported by Jann Horn at Google's Project Zero.
     - Resist a hashtable-based CPU denial-of-service attack against
       relays. Previously we used a naive unkeyed hash function to look
       up circuits in a circuitmux object. An attacker could exploit this
       to construct circuits with chosen circuit IDs, to create
       collisions and make the hash table inefficient. Now we use a
       SipHash construction here instead. Bugfix on 0.2.4.4-alpha. This
       issue is also tracked as TROVE-2021-005 and CVE-2021-34549.
       Reported by Jann Horn from Google's Project Zero.
     - Fix an out-of-bounds memory access in v3 onion service descriptor
       parsing. An attacker could exploit this bug by crafting an onion
       service descriptor that would crash any client that tried to
       visit it. Bugfix on 0.3.0.1-alpha. This issue is also tracked as
       TROVE-2021-006 and CVE-2021-34550. Reported by Sergei Glazunov
       from Google's Project Zero.
Checksums-Sha1:
 395543879b55c8ca846397305e8c7c10aba0895f 4697188 tor-dbgsym_0.3.5.15-1_s390x.deb
 d99d1a0a7e7db9b9a2504735f249a756a8cee093 6835 tor_0.3.5.15-1_s390x-buildd.buildinfo
 f160b0bbb6fa74c65420840864562fed5d17a18f 1684728 tor_0.3.5.15-1_s390x.deb
Checksums-Sha256:
 4e7992222ca052128472936b1484faeee9311c15eb77efcee05ea4bc97ed016b 4697188 tor-dbgsym_0.3.5.15-1_s390x.deb
 ae9a48da840db7c127efc549395c29766ce696f5cbe8d33ea735968f575acb63 6835 tor_0.3.5.15-1_s390x-buildd.buildinfo
 93cdcf95c75fe8b1df7b81cf57ec32e5260e8105b66ce5dd92d3de229a083d75 1684728 tor_0.3.5.15-1_s390x.deb
Files:
 5663adb82787bf2ad6605d2a16394786 4697188 debug optional tor-dbgsym_0.3.5.15-1_s390x.deb
 1949a11f049851565e942487dcaad703 6835 net optional tor_0.3.5.15-1_s390x-buildd.buildinfo
 4d6d3aa914f587832d3b3e15bf0985b5 1684728 net optional tor_0.3.5.15-1_s390x.deb