Subject: [ASA-201706-13] tor: denial of service Arch Linux Security Advisory ASA-201706-13 ========================================== Severity: Medium Date : 2017-06-13 CVE-ID : CVE-2017-0375 CVE-2017-0376 Package : tor Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-296 Summary ======= The package tor before version 0.3.0.8-1 is vulnerable to denial of service. Resolution ========== Upgrade to 0.3.0.8-1. # pacman -Syu "tor>=0.3.0.8-1" The problems have been fixed upstream in version 0.3.0.8. Workaround ========== None. Description =========== - CVE-2017-0375 (denial of service) The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the relay_send_end_cell_from_edge_ function via a malformed BEGIN cell. - CVE-2017-0376 (denial of service) The hidden-service feature in Tor before 0.3.0.8 allows a denial of service (assertion failure and daemon exit) in the connection_edge_process_relay_cell function via a BEGIN_DIR cell on a rendezvous circuit. Impact ====== A remote attacker is able to send specially crafted input to the hidden-service feature of tor to crash the application. References ========== https://bugs.archlinux.org/task/54439 https://lists.torproject.org/pipermail/tor-announce/2017-June/000131.html https://trac.torproject.org/projects/tor/ticket/22493 https://github.com/torproject/tor/commit/79b59a2dfcb68897ee89d98587d09e55f07e68d7 https://trac.torproject.org/projects/tor/ticket/22494 https://github.com/torproject/tor/commit/56a7c5bc15e0447203a491c1ee37de9939ad1dcd https://security.archlinux.org/CVE-2017-0375 https://security.archlinux.org/CVE-2017-0376