Arch Linux Security Advisory ASA-201707-8
=========================================

Severity: Medium
Date    : 2017-07-11
CVE-ID  : CVE-2017-0377
Package : tor
Type    : session hijacking
Remote  : Yes
Link    : https://security.archlinux.org/AVG-336

Summary
=======

The package tor before version 0.3.0.9-1 is vulnerable to session hijacking.

Resolution
==========

Upgrade to 0.3.0.9-1.

# pacman -Syu "tor>=0.3.0.9-1"

The problem has been fixed upstream in version 0.3.0.9.

Workaround
==========

None.

Description
===========

A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a circuit, Tor avoids using a node that is in the same family as the exit node it selected, but this check was accidentally removed in 0.3.0.

Impact
======

An attacker might be able to eavesdrop on Tor users' traffic by getting in a position to analyze both the incoming and outgoing traffic of a circuit.

References
==========

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://trac.torproject.org/projects/tor/ticket/22753
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350
https://security.archlinux.org/CVE-2017-0377
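The guard-selection rule described above, as an added illustration that is not Tor's code: a simplified model in which a guard candidate is rejected when it shares a family with the already-chosen exit, with a switch that models the 0.3.0 regression. The Relay type, the family rule (either relay declares the other, or both share an IPv4 /16) and the sample relays are assumptions constructed for this example.

```python
# Added example, not Tor's implementation: simplified guard filtering against
# the exit's family. The family rule and all relay data below are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass(frozen=True)
class Relay:
    fingerprint: str
    address: str                                       # IPv4 assumed
    family: frozenset = field(default_factory=frozenset)  # declared family fingerprints


def same_family(a: Relay, b: Relay, enforce_distinct_subnets: bool = True) -> bool:
    """Assumed rule: one family if either relay declares the other, or (when
    subnet enforcement is on) both sit in the same IPv4 /16."""
    if a.fingerprint == b.fingerprint:
        return True
    if b.fingerprint in a.family or a.fingerprint in b.family:
        return True
    if enforce_distinct_subnets:
        return ip_address(a.address).packed[:2] == ip_address(b.address).packed[:2]
    return False


def eligible_guards(candidates, exit_relay, check_family=True):
    """Guards usable for a circuit whose exit is already chosen.
    check_family=False models the check that 0.3.0 dropped (CVE-2017-0377)."""
    return [g for g in candidates
            if g.fingerprint != exit_relay.fingerprint
            and not (check_family and same_family(g, exit_relay))]


# Constructed sample relays (documentation address ranges)
EXIT = Relay("EXIT1", "203.0.113.10", frozenset({"GUARDA"}))
GUARD_A = Relay("GUARDA", "198.51.100.5", frozenset({"EXIT1"}))  # mutual family with exit
GUARD_B = Relay("GUARDB", "203.0.113.200")                       # same /16 as exit
GUARD_C = Relay("GUARDC", "192.0.2.77")                          # unrelated
CANDIDATES = [GUARD_A, GUARD_B, GUARD_C]


def fixed_choice():
    return [g.fingerprint for g in eligible_guards(CANDIDATES, EXIT, check_family=True)]


def regressed_choice():
    return [g.fingerprint for g in eligible_guards(CANDIDATES, EXIT, check_family=False)]


if __name__ == "__main__":
    print("with family check:", fixed_choice())         # ['GUARDC']
    print("without family check:", regressed_choice())  # ['GUARDA', 'GUARDB', 'GUARDC']
```

With the check in place only the unrelated relay survives; without it, a guard operated alongside the exit can end up on both ends of the same circuit, which is the eavesdropping position the Impact section describes.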