AVG-539

Package tor
Status Fixed
Severity High
Type multiple issues
Affected 0.3.1.8-1
Fixed 0.3.1.9-1
Current 0.3.3.6-1 [community]
Ticket None
Created Tue Dec 5 20:07:11 2017
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2017-8823 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in Tor before 0.3.1.9, leading to a crash of v2 Tor onion services when they failed to open circuits while... |
| CVE-2017-8822 | High | Yes | Information disclosure | In Tor before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of anonymity,... |
| CVE-2017-8820 | Medium | Yes | Denial of service | A denial of service issue where an attacker could crash a directory authority using a malformed router descriptor has been found in Tor before 0.3.1.9. |
| CVE-2017-8819 | Medium | Yes | Information disclosure | An issue has been found in the way Tor before 0.3.1.9 checked for replays, leading to a possible traffic confirmation attack. |
| Date | Advisory | Package | Description |
|---|---|---|---|
| 16 Dec 2017 | ASA-201712-10 | tor | multiple issues |
References
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516