CVE-2017-0377 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Session hijacking
Description	A security issue has been found in Tor <= 0.3.0.8, which could make it easier to eavesdrop on Tor users' traffic. When choosing which guard to use for a circuit, Tor avoids using a node that is in the same family that the exit node it selected, but this check was accidentally removed in 0.3.0.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-336	tor	0.3.0.8-3	0.3.0.9-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Jul 2017	ASA-201707-8	AVG-336	tor	Medium	session hijacking

References
https://blog.torproject.org/blog/tor-0309-released-security-update-clients https://trac.torproject.org/projects/tor/ticket/22753 https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350

References

https://blog.torproject.org/blog/tor-0309-released-security-update-clients
https://trac.torproject.org/projects/tor/ticket/22753
https://github.com/torproject/tor/commit/665baf5ed5c6186d973c46cdea165c0548027350