AVG-539 log
| Package | tor |
| Status | Fixed |
| Severity | High |
| Type | multiple issues |
| Affected | 0.3.1.8-1 |
| Fixed | 0.3.1.9-1 |
| Current | 0.4.8.11-1 [extra] |
| Ticket | None |
| Created | Tue Dec 5 20:07:11 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-8823 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Tor before 0.3.1.9, leading to a crash of v2 Tor onion services when they failed to open circuits while... |
| CVE-2017-8822 | High | Yes | Information disclosure | In Tor before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity,... |
| CVE-2017-8820 | Medium | Yes | Denial of service | A denial of service issue where an attacker could crash a directory authority using a malformed router descriptor has been found in Tor before 0.3.1.9. |
| CVE-2017-8819 | Medium | Yes | Information disclosure | An issue has been found in the way Tor before 0.3.1.9 checked for replays, leading to a possible traffic confirmation attack. |
| Date | Advisory | Package | Type |
|---|---|---|---|
| 16 Dec 2017 | ASA-201712-10 | tor | multiple issues |
| References |
|---|
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 |