AVG-539 log
Package | tor |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 0.3.1.8-1 |
Fixed | 0.3.1.9-1 |
Current | 0.4.8.13-1 [extra] |
Ticket | None |
Created | Tue Dec 5 20:07:11 2017 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2017-8823 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Tor before 0.3.1.9, leading to a crash of v2 Tor onion services when they failed to open circuits while... |
CVE-2017-8822 | High | Yes | Information disclosure | In Tor before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity,... |
CVE-2017-8820 | Medium | Yes | Denial of service | A denial of service issue where an attacker could crash a directory authority using a malformed router descriptor has been found in Tor before 0.3.1.9. |
CVE-2017-8819 | Medium | Yes | Information disclosure | An issue has been found in the way Tor before 0.3.1.9 checked for replays, leading to a possible traffic confirmation attack. |
Date | Advisory | Package | Type |
---|---|---|---|
16 Dec 2017 | ASA-201712-10 | tor | multiple issues |
References |
---|
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516 |