Arch Linux Security Advisory ASA-201712-10 ========================================== Severity: High Date : 2017-12-16 CVE-ID : CVE-2017-8819 CVE-2017-8820 CVE-2017-8822 CVE-2017-8823 Package : tor Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-539 Summary ======= The package tor before version 0.3.1.9-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and denial of service. Resolution ========== Upgrade to 0.3.1.9-1. # pacman -Syu "tor>=0.3.1.9-1" The problems have been fixed upstream in version 0.3.1.9. Workaround ========== None. Description =========== - CVE-2017-8819 (information disclosure) An issue has been found in the way Tor before 0.3.1.9 checked for replays, leading to a possible traffic confirmation attack. - CVE-2017-8820 (denial of service) A denial of service issue where an attacker could crash a directory authority using a malformed router descriptor has been found in Tor before 0.3.1.9. - CVE-2017-8822 (information disclosure) In Tor before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity, aka TROVE-2017-012. - CVE-2017-8823 (arbitrary code execution) A use-after-free vulnerability has been found in Tor before 0.3.1.9, leading to a crash of v2 Tor onion services when they failed to open circuits while expiring introduction points. Impact ====== A remote attacker might be able to reduce the anonymity of Tor users, cause a denial of service or execute arbitrary code on the affected host. References ========== https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 https://trac.torproject.org/projects/tor/ticket/24244 https://trac.torproject.org/projects/tor/ticket/24245 https://bugs.torproject.org/21534 https://bugs.torproject.org/24333 https://trac.torproject.org/projects/tor/ticket/24313 https://security.archlinux.org/CVE-2017-8819 https://security.archlinux.org/CVE-2017-8820 https://security.archlinux.org/CVE-2017-8822 https://security.archlinux.org/CVE-2017-8823